Yet another major U.S. healthcare insurance provider has been hacked. CareFirst – a health insurer with the Blue Cross and Blue Shield network that offers services to residents in Maryland, Washington and Virginia – said it suffered a massive cyberattack in which the private records of some 1.1 million customers were compromised.
The website ModernHealthcare.com reported that a major health insurer's system had been infiltrated by hackers last year, and those hackers may now have access to customers' usernames, passwords, birthdates, financial information, email addresses, street addresses, phone numbers, and more. This was confirmed in a message sent out by CareFirst, in which it acknowledged that the records of more than 1.1 million customers were potentially disclosed to unauthorized individuals.
According to Time.com, Mandiant found that the attack occurred in June 2014. CareFirst hired Mandiant to analyze its systems in the wake of a string of recent cyber attacks on similar health insurance companies (e.g. Premera and Anthem).
“Members who created accounts on http://www.carefirst.com prior to June 20, 2014 are affected by this incident. CareFirst is mailing letters to all affected members and those affected should receive a notification letter in the next 1 to 3 weeks. Members who enrolled to use CareFirst online services on or after June 20, 2014 are not affected because their enrollment occurred after the date of the unauthorized access,” wrote CareFirst in a statement to its customers.
Reports of healthcare insurance providers and healthcare facilities becoming victims of cyber attacks have become all too common in today's day and age. In less than a year, we've seen Premera, Anthem, and now CareFirst being victimized. This raises the question: why are hackers targeting healthcare networks? Well, experts say there are a few factors contributing to this disturbing trend, one of which is the simple fact that many healthcare networks lack the same level of security found in banks and financial institutions. This makes them “low-hanging fruit,” so to speak, which hackers can have an easier time infiltrating.
Of course, healthcare companies should use this news as a reminder to implement the necessary safeguards to protect their patients' data from unauthorized use or disclosure. Cyber attacks can be prevented, but only if the respective company takes the necessary action. The Health Insurance Portability and Accountability Act (HIPAA) of 1996 outlines several different “Rules” for achieving a safe and compliant system in the healthcare field.