Data From Over 200,000 CareFirst BlueCross Users Stolen by Hackers

CareFirst BlueCross Health Plan District (CHPDC) recently alerted its members that the institution was a victim of a hacking incident that potentially compromised their health information.

The health insurance center stated that it discovered the breach in January this year and took immediate steps to secure its network and isolate the affected systems.

The report also revealed that CHPDC called in security firm CrowdStrike to investigate the hacking incident.

During its investigation, CrowdStrike confirmed that health information was exfiltrated by the threat actors, who are most probably foreign state actors. The health service center stated that the breach has impacted anyone who has enrolled in the CHPDC program, as well as former and current employees of the healthcare center.

The report revealed that the stolen data includes users’ names, dates of birth, telephone numbers, addresses, claims information, medical information, medical numbers, and Social Security Numbers.

Updated information from the investigation revealed that the hacking incident has impacted roughly 200,500 individuals.

CrowdStrike stated that it has provided a series of steps to make sure a similar breach does not occur in the future.

This is the third time CHPDC has been breached within a space of 5 years, which has gotten users worried about the security structure of the health center.

The medical benefits provider added that all passwords have been changed and operations that expose information to business partners have been stopped as well.

“We’ve taken immediate steps to limit the impact of the attack and protect and secure our systems,” chief executive officer of CHPDC, George Aloh, stated.

The dark web and the internet in general are also being monitored for any misuse of members’ data.

The affected individuals are being offered credit monitoring services and complimentary identity theft protection for two years. According to CHPDC, the service is provided free for the entire duration.

Although the attack is still under investigation, it seems it did not impact any other institution or third parties, only CHPDC. No member services were impacted either.

CHPDC has already informed the Office of the Attorney General in DC. The health insurer was also assisted by a third-party security firm.

An extensive forensic investigation did not find any evidence the threat actor misused or viewed information in the accounts. But the security researchers are not sure whether the information was read.

In another attack, Ohio-based law firm Bricker and Eckler recently informed over 400,000 patients that their data was breached after a ransomware attack. The law firm has a good number of clients from the healthcare sector. As part of legal counsel needs and client engagement, Bricker and Eckler have access to clients’ personal information.

The threat actors targeted the law firm to get access to this personal information and demand ransom from the firm.

Investigation into the hacking incident showed that the threat actors gained access to the systems from January 14 to January 31.

During the attack, they stole data containing users’ information from some of the law firm’s systems. The report revealed that steps have already been taken to mitigate the loss and prevent possible attacks in the future.

Ransomware gangs, both from private and state actors, have increased over the past year. There have been more accounts of ransomware attacks than there used to be a few years back. Observers have blamed the increased level of attacks on the economic and social impact of the COVID-19 pandemic. The majority of these breaches succeeded due to a lag in security systems.

As a result, security researchers have advised companies and institutions to tighten up their security and be proactive when combating cyber threats.

They have also been warned not to comply with the hackers’ ransom demands. In most cases, the threat actors still go on to release the stolen data even after receiving ransom from their victims.