NEW YORK (AP) — In the latest disclosure of a cyberattack against a health insurer, CareFirst BlueCross BlueShield says attackers gained access to a database that included the names of 1.1 million people.
The company says the breach happened in June 2014 after a “sophisticated cyberattack.” It says the attackers got into a database that included the names, usernames, birth dates, email addresses and subscriber ID numbers of about 1.1 million current and former members and people who did business with CareFirst.
CareFirst said the attackers did not get access to members’ passwords because those are encrypted and stored in a separate system. They also didn’t get access to Social Security numbers, medical claims, or credit cards, and the company says there is no evidence of other breaches.
Earlier this year Anthem, the second largest health insurer in the U.S., disclosed a data breach that affected as many as 80 million people. Premera Blue Cross, a health insurer based in the Pacific Northwest, said a breach may have exposed information belonging to 11 million people.
CareFirst is based in Baltimore. It provides health insurance and services to 3.4 million people in Maryland, Northern Virginia and Washington, D.C.
The company says it will offer two years of free credit monitoring and identity theft protection to consumers affected by the breach.