CareFirst breached again, notifying 6,800 members of phishing attack

CareFirst breached again, notifying 6,800 members of phishing attack

A phishing assault on CareFirst BlueCross BlueShield has doubtlessly breached the non-public knowledge of 6,800 sufferers, the Baltimore-based insurer introduced on Friday.

On March 12, CareFirst officers found an worker had fallen sufferer to a phishing e mail, which compromised their account. Whereas the hacker seems to have solely used the account to ship spam messages to an e mail account, officers couldn’t rule out unauthorized entry by the hacker.

[Also: Supreme Court rejects CareFirst bid to review breach case]

The e-mail account contained private info together with names and member identification numbers, dates of delivery. Such a knowledge can be utilized for medical fraud. For eight members, Social Safety numbers had been included. No monetary or medical info was compromised.

CareFirst employed a third-party safety agency to assist with its investigation, which concluded no different suspicious exercise was detected on its system. All members concerned within the breach are being provided free credit score monitoring and identification theft safety for 2 years.

[Also: The biggest healthcare data breaches of 2018 (so far)]

The breach comes about three years after asserting the insurer was hit by a cyberattack that breached the information of about 1 million members. These victims of the assault, regardless of a number of appeals by CareFirst to have the case dismissed, are at the moment suing.

An out of doors celebration detected that breach, and it took officers practically a 12 months to inform victims that hackers stole their private info. CareFirst has improved its safety response, because it took lower than a month to inform members of this latest breach.

Twitter: @JessieFDavisEmail the author: jessica.davis@himssmedia.com

Be the first to comment on "CareFirst breached again, notifying 6,800 members of phishing attack"

Leave a comment

Your email address will not be published.


*