ALERT! CareFirst Health Insurance Hacked…Last June ALERT!

Published On May 21, 2015 | By Tom Huskerson | Alerts, News and Analysis

According to a Wall Street Journal report, Washington, D.C.-based not-for-profit health insurer CareFirst BlueCross BlueShield announced Wednesday it had suffered a major data breach…last June!

The data breach was announced Wednesday, after cyber security firm FireEye completed its review of the attack late last week.

Hackers targeted and gained access to the personal information, including birth dates, names, email addresses and subscriber information, of over one million CareFirst customers.

“This breach provides further evidence that cyber security defenses in the healthcare industry are still one step behind sophisticated hackers. The first question to ask is: was the compromised database properly encrypted? Encryption is widely recognized as a best practice and it is vitally important for a company like CareFirst, which is handling sensitive patient information. Healthcare companies are prime targets for hackers,” Greg Kazmierczak, CTO of Wave Systems, told DC Inno.

CareFirst, along with Anthem Insurance and Premera Blue Cross, becomes the third major health insurer this year to report a data breach. CareFirst has hired FireEye to investigate the breach and mitigate the damage.

“The intrusion was orchestrated by a sophisticated threat actor that we have seen specifically target the health-care industry over the past year,” FireEye said in a statement.

A representative of CareFirst stated that the compromised database “contained no member Social Security numbers, medical claims, employment, credit card or financial information.” The insurer also stated that when they first detected the attempted attack last April, they believed they were successful in deflecting the infiltration.

But criticism of CareFirst has already begun. “Not only should the database have been encrypted, but access to the database should have been protected by 2-factor authentication. By having multiple identifying factors, it is dramatically harder for a hacker to gain entry into this type of database. While CareFirst stated that social security numbers and credit cards were not held in the database, access to names, birth dates, and email addresses can lay the groundwork for future intelligence gathering and cyber intrusions. Without strong encryption and access management, expect medical fraud and identity theft to run unchecked,” Kazmierczak said.

Breaking It Down

This is simply another sign of sloppy data handling by a major company. This should have never happened to CareFirst. But what do you expect when you have absolutely poor data security standards in the health care industry? Another sad fact is that the company experienced this data breach last year but is just announcing it now. That's why we have to have a national data breach standard law and we need it now! CareFirst is trying to make its customers feel better by saying no information such as social security numbers, medical claims, employment, credit card or financial information was in the database. So what! The information that was there is enough for a cyber criminal to use to hijack an email account, launch a phishing campaign, or even steal an identity. With the information they did get, they can get the rest. As for black people who ask “what does that mean to me?” I just told you.


