More than 1.1 million health insurance customers have been left vulnerable by a vast data breach, after criminals gained access to a CareFirst database in a "sophisticated cyberattack," reports The Register.
The nature of the stolen data appears to be personal records including names, birthdays and email addresses, but the hackers weren't able to obtain sensitive financial or medical records. The BlueCross BlueShield plan is the third victim of a major breach within the healthcare industry this year, following recent attacks targeting Anthem and Premera.
The New York Times notes that CareFirst has reported the crime to the FBI, who are said to be "looking into it," while the healthcare insurer also issued an apology on its website with an offer of free credit monitoring services.
"CareFirst BlueCross BlueShield has confirmed that cyberattackers gained limited, unauthorized access to a CareFirst database," reads a statement on the insurer's website. "We understand that the security of your information is important and we are taking steps to protect members in light of this attack and moving forward."
The statement concluded: "We are offering two years of free credit monitoring and identity theft protection services for those members affected. If you have been affected, you will receive a letter from CareFirst."
The biggest immediate threat for CareFirst customers may come from phishing scams, as criminals attempt to use customers' stolen email addresses to coax them into clicking malicious links or disclosing more sensitive data.
Earlier this year the hack of health insurer Anthem could have affected as many as 80 million customers, while We Live Security’s senior security researcher Stephen Cobb expressed concerns over the state of healthcare IT security last year.
"Unless attitudes change and numbers improve, and unless our government decides to get serious about reducing cybercrime, the outlook is stormy at best," says Cobb.