Thursday, May 21, 2015

1.1 Million CareFirst Members in D.C. Data Breach

As many as 1.1 million Washington, D.C., BlueCross BlueShield members may have had their information accessed in a cyber-breach that occurred in June of 2014.
CareFirst BlueCross BlueShield announced Wednesday it had been the target of a "sophisticated cyberattack," the company said in a release.
The attackers could have acquired members' names, birth dates, email addresses and subscriber identification numbers.
However, CareFirst said its user names must be used in conjunction with a member-created password to gain access to underlying member data on the website.
The database that was breached did not include these passwords, which were encrypted and stored in a separate system as a safeguard against such attacks.
That means the attackers did not have access to member Social Security numbers, medical claims, employment, credit card, or financial information, CareFirst said.
The company is blocking member access to the accounts that might have been compromised, and is asking members to create new user names and passwords for them.
The attack came to light when CareFirst hired Mandiant, the cyber-forensics unit of computer security company FireEye, to review its security in the wake of recent cyber attacks on other health insurers.
"The intrusion was orchestrated by a sophisticated threat actor that we have seen specifically target the health care industry over the past year," said Charles Carmakal, managing director of Mandiant.
The fact that the health care company's members are primarily based in Northern Virginia, Maryland and Washington, D.C., is not lost on people in the security community.
"Obviously, we know what's there," said Rick Holland with Forrester Research, contemplating the heavy concentration of government, military and contractors in the region.
There has been speculation that previous health care computer breaches could also be linked to China, including those at Anthem, Premera and Community Health System.
Industrial spying by China is well known. On Tuesday federal prosecutors made public charges against a Chinese espionage ring that included two professors who studied together at the University of Southern California. The ring stole trade secrets and gave them to Chinese companies.
Elizabeth Weise, USA TODAY, 6:31 p.m. EDT May 20, 2015