1.1 Million User Records Stolen From Health Insurer CareFirst

Illustration for article titled 1.1 Million User Records Stolen From Health Insurer CareFirst

The health insurer CareFirst BlueCross BlueShield has announced that a cyber attack has stolen 1.1 million records of both current and former members.


The insurer, which operates in Maryland, Virginia and the District of Columbia, has a total of 3.4 million users. In a statement made yesterday, it admitted that 1.1 million of those records had been hacked in June 2014. CareFirst only noticed that the records had been compromised as part of a security refresh, undertaken because of the spate of recent healthcare hacks.

CareFirst claims that hackers only accessed one database, but that they could have made away with names, birth dates, email addresses and member identification numbers. Mercifully, there were no Social Security or credit card details in the database. The company’s now blocked these user accounts and asked members to create new ones.

This isn’t the first healthcare insurance hack of recent time. Most notably, Anthem was hacked earlier this year, with up to 98.6 million user records being compromised. By comparison, this CareFirst hack is small beer—but it does reinforce the worrying trend of healthcare industry hacks. [Reuters on Re/code]


So many BCBS hacks. They should change their name to Blue Cross No Shield