Reposted from Healthcare IT News
Cyberattackers swipe data of 1.1M at CareFirst
It took a health insurance company almost a year to notify some 1.1 million of its members that their personal data had been swiped by hackers. What’s more, the cyberattack wasn’t even detected in-house.
The Baltimore, Md.-based CareFirst BlueCross BlueShield health plan announced the cyberattack May 20, despite the attack occurring back in June 2014.
According to a company news release, the cyberattack compromised the names, dates of birth, email addresses, member ID numbers and user names of 1.1 million members.
Only after the health plan brought in cybersecurity firm Mandiant to conduct end-to-end IT security testing in the wake of the Anthem and Premera attacks did CareFirst discover that cyberattackers had gained access to a single database that stores members’ online services data.
CareFirst officials described the breach as a “sophisticated cyberattack,” but some security officials question that general wording, which was also used to describe the Anthem breach that compromised the data of as many as 80 million.
“I have never found an insurance company that required a sophisticated attacking incident,” he said. “Period.
“They have tons of systems. They have tons of tests,” he said. “It’s a huge conglomeration of stuff.”
As Ken Westin, security analyst at Tripwire, sees the CareFirst breach: “In general, healthcare organizations are not prepared for the level of sophistication associated with the attacks that will be coming at them. It’s no surprise that several organizations have been targeted and compromised.”