Breach at health insurer CareFirst exposes 1.1M customer records

Breach at health insurer CareFirst exposes 1.1M customer records
© Thinkstock

Health insurer CareFirst BlueCross BlueShield revealed Wednesday that hackers infiltrated a database with the records of 1.1 million customers.

It’s the third major health insurance data breach in 2015, following mammoth hacks at Anthem and Premera BlueCross that exposed over 90 million customers’ records and Social Security numbers.

CareFirst, which serves the Washington, D.C., area, said the breach occurred last June, but was only discovered recently during a security upgrade in the wake of the Anthem and Premera incidents.

Wednesday's disclosure is likely to reignite worries about the cyber defenses in the health insurance industry.

Fortunately for CareFirst’s customers, no credit card information, financial data or Social Security numbers were exposed in the cyberattack, lowering the risk of identity theft.

Still, CareFirst warned the database does contain enough sensitive information — including names, birth dates, email addresses and subscriber identification numbers — that its customers are at risk of credit fraud and identity theft.

In the case of Anthem and Premera, it’s believed Chinese hackers were digging for information on high-level government officials and industry executives. There’s evidence the two were even part of the same cyber espionage campaign.

The U.S. government has repeatedly accused Beijing officials of orchestrating widespread digital efforts to pilfer U.S. trade secrets and gather intelligence on Americans.

It’s unclear yet whether the CareFirst hack was related to the Anthem and Premera breaches.