Morning Briefing
Summaries of health policy coverage from major news organizations
Carefirst: Hackers Had Access To Personal Info For More Than 1M Customers
The New York Times: Up To 1.1 Million Customers Could Be Affected In Data Breach At Insurer CareFirst
CareFirst, a Blue Cross Blue Shield plan, on Wednesday became the third major health insurer in the United States to disclose this year that hackers had breached its computer systems and potentially compromised some customer information. (Goldstein and Abelson, 5/20)
The Wall Street Journal: Health Insurer CareFirst Says It Was Hacked
CareFirst BlueCross BlueShield said Wednesday that hackers had gained access to the personal information of more than a million consumers, becoming the third major health insurer this year to disclose a breach. The not-for-profit insurer, which serves the District of Columbia, Maryland and parts of Virginia, said the attack occurred in June 2014 and involved a database where it stored information that members and others enter to access its websites and other services. CareFirst said the hackers may have acquired user names as well as members’ names, birth dates, email addresses and subscriber numbers. (Wilde Mathews and Yadron, 5/20)
The Washington Post: Cyberattack On CareFirst Exposes Data On 1.1 Million Customers In D.C., Md. And Va.
The CareFirst attack occurred in June 2014, according to a Web site set up by the insurer. The company said its cyber-security team thought it had fended off the attack at the time, but a recent review discovered that the attackers had gained access to the usernames that customers created on its Web site as well as their real names, birth dates, e-mail addresses and subscriber identification numbers. The database the hackers accessed did not contain members' Social Security numbers, medical claims, employment, credit card or financial information, the company said. (Peterson, 5/20)
The Associated Press: CareFirst Says Data Breach Affects About 1.1M People
Health care data breaches have grown over the last few years, and researchers at security software maker Symantec say the health care industry has become a major target for cyber criminals. That's partly because their systems may be more easily breached than banks and retailers, which were frequent targets in years past. (5/20)
Politico Pro: CareFirst Hacked, 1.1M Customers At Risk
CareFirst, a BlueCross BlueShield health plan serving Maryland, D.C., and Northern Virginia, was the victim of a “sophisticated” cyberattack in June last year, the company said Wednesday, putting at risk limited personal information about 1.1 million customers. (Pittman and Demko, 5/20)
Modern Healthcare: Impact Of CareFirst Cyberattack Compounded By Old Data
The sophisticated cyberattack against CareFirst Blue Cross and the record-breaking hacks at Premera Blue Cross and Anthem would have a narrower impact if insurance companies didn't retain customer data for so long, experts say. CareFirst, which provides health insurance and administrative services for about 3.4 million people in Maryland, the District of Columbia and Northern Virginia, said Wednesday that it was the victim of a cyberattack that affected 1.1 million current and former CareFirst members who have used the company's online tools. (Rubenfire, 5/20)
USA Today: FireEye Has Become Go-To Company For Breaches
When news broke Wednesday that as many as 1.1 million CareFirst health insurance customers could have had their personal information stolen, one familiar name was included: FireEye. The Milpitas, Calif.-based security firm has made a name for itself as the experts pulled in when a big computer security issue arises. "They've ended up being the go-to people. If there's a data breach, that's a name you hear," said John Kindervag, a security analyst with Forrester Research. (Weise, 5/21)
