Health insurer CareFirst reveals cyberattack affecting 1.1 million
A large U.S. health insurer, CareFirst BlueCross BlueShield, has disclosed it fell victim to a cyberattack that affected about 1.1 million people.
The attack, which occurred in June last year, targeted a single database that contained information about CareFirst members and others who accessed its websites and services, the company said Monday.
The nonprofit has 3.4 million members, mostly around Maryland, Washington, D.C., and Northern Virginia.
“We were the subject of a cyberattack,” a somber looking Chet Burrell, the company’s CEO, says in a video posted to its website.
CareFirst said customer names, birth dates, user names, email addresses and subscriber ID numbers may have been stolen. The database did not contain Social Security numbers, medical claims or financial information, it said. And member passwords were encrypted and stored in a different system, CareFirst said.