Watch CBS News

CareFirst Website Hacked; 1.1 Million Affected

BALTIMORE (WJZ) -- Cyber attack! A major healthcare insurer was hacked, putting customers' personal information at risk. Now CareFirst Blue Cross Blue Shield members are bracing for the worst.

Rick Ritter has more.

CareFirst calls it a "sophisticated" cyber attack, one that happened last June---and now hundreds of thousands of customers are at risk.

It's just the latest massive healthcare data breach.

"It's scary," said Janie Bury.

Over one million CareFirst customers got word that their personal information was possibly compromised.

"I looked at the lady and said, `What?'" Bury said.

The company, which serves Maryland, DC and northern Virginia, says they were targeted last June. Hackers gained access to a single database, containing user names, customer names, their birth dates and email addresses.

"I just don't want someone to get a hold of my identity and start racking up credit card charges," said Jacob Finklestone. "It makes you wonder, what's going on at these companies' IT departments?"

Despite the breach, there is a small sigh of relief: CareFirst officials say the database hit by attackers did not contain members' Social Security numbers or medical records.

Over the last few years, Anthem Health Insurance, along with Target, Sony and Home Depot are just a few other corporations hit hard with breaches.

"Fortune 500 companies nowadays get hacked so it doesn't surprise when I hear someone is hacked, even locally in Baltimore," said Gary Buclous, Infoworks Technologies, LLC.

Tech expert Gary Buclous says as scary as it is, there's not much they can do.

"You can do everything in your world power and no matter what, if they really want you, they're going to get you," he said.

Customers hope they're okay but are now bracing for the worst.

Customers' accounts that were affected are now blocked and they're being asked to create new user names and passwords. CareFirst will be offering free credit monitoring and identity theft protection for those affected for two years.

The company discovered this as part of their ongoing security efforts in the wake of recent cyber attacks on health insurers. Customers who registered to use CareFirst's website prior to June 20, 2014 are the individuals affected.

How Do I Know If I Have Been Affected?

"Members who created accounts on prior to June 20, 2014 are affected by this incident. CareFirst is mailing letters to all affected members and those affected should receive a notification letter in the next 1 to 3 weeks. Members who enrolled to use CareFirst online services on or after June 20, 2014 are not affected because their enrollment occurred after the date of the unauthorized access."

For more information CLICK HERE.

View CBS News In
CBS News App Open
Chrome Safari Continue
Be the first to know
Get browser notifications for breaking news, live events, and exclusive reporting.