In the latest cyberattack against a health insurer, CareFirst BlueCross BlueShield says that attackers gained access to a database that included the names of 1.1 million people. The company said yesterday that the breach happened in June after a "sophisticated cyberattack." The attackers got into a database that included the names, usernames, birth dates, email addresses, and subscriber ID numbers of about 1.1 million current and former members and people who did business with CareFirst. The attackers did not get access to members' passwords because those are encrypted and stored in a separate system, CareFirst says. They also didn't get access to Social Security numbers, medical claims, or credit cards, and the company says there is no evidence of other breaches.
CareFirst, based in Baltimore, provides health insurance and services to 3.4 million people in Maryland, Northern Virginia, and Washington, DC. The company is offering two years of free credit monitoring and identity theft protection to consumers affected by the breach. Earlier this year Anthem, the second largest health insurer in the US, disclosed a data breach that affected as many as 80 million people. Premera Blue Cross, a health insurer based in the Pacific Northwest, said a breach may have exposed information belonging to 11 million people. The FBI suspects China may be behind all three attacks, the New York Times reports. Health care data breaches have grown over the last few years, and researchers say the industry has become a major target for cyber criminals. The FBI thinks China is trying to assemble a vast data trove.