Health Insurer CareFirst Popped By Hackers

CareFirst, a Blue Cross Blue Shield plan, said the attack occurred nearly a year ago. It is not clear if this incident is related to two other major data breaches at insurers Anthem and Premera.

Charles Carmakal, a managing director at Mandiant, a security firm retained by all three insurers, said in an emailed statement that the hacking at CareFirst “was orchestrated by a sophisticated threat actor that we have seen specifically target the health care industry over the past year.”

It was Mandiant that first discovered the CareFirst breach, after the insurer asked the firm to conduct an investigation.

There is little evidence customer information taken from Anthem and Premera has entered the black market. This “suggests that the hackers targeting the healthcare industry may be more interested in gathering information,” the New York Times reports. It is suspected China is behind the attacks. 

The hackers gained access to customer names, email addresses and birthdates. They did not obtain sensitive financial or medical information like Social Security numbers, credit card information and medical claims.

“It’s such an attractive target and it’s a soft target and one not traditionally well protected,” said Austin Berglas, head of online investigations in the United States and incident response for K2 Intelligence and a former top agent with the F.B.I. in New York. “A nation state might be looking at pulling out medical information or simply looking to get a foothold, which they can use as a testing ground for tools to infiltrate other sectors.”