CareFirst has fallen victim to a significant data breach
CareFirst BlueCross BlueShield has taken note of the rise in cyber crimes that are targeting health insurance companies and had been taking steps to upgrade its security. The company had hoped to avoid falling victim to digital attacks by improving its cyber security, but while doing so found that it had already been the target of a major data breach, which began in June 2014. The data breach represents a significant problem that health insurance companies are having, as it shows that insurers are finding it difficult to actually detect cyber attacks when they happen.
1.1 million people may have had their information compromised by data breach
CareFirst has announced that 1.1 million current and former customers have been affected by the data breach. The company offers coverage in Washington D.C., Virginia, and Maryland, and is one of the latest health insurance providers to find that it had fallen prey to cyber attacks. CareFirst believes that its databases have been compromised and that those responsible may have had access to the sensitive information of consumers.
Other attacks against the company have not yet been discovered
Mandiant, a cyber security firm, has not found evidence of other cyber attacks against the CareFirst network. The health insurance company is encouraging those affected by the data breach to create new accounts. The company is also offering two years of credit monitoring at no cost, providing those affected by the data breach with a way to ensure that their information is not used for malicious purposes.
Companies will have to work harder to protect themselves in the future
Though more than a million people have been affected by the data breach, it issue is relatively small when compared to other cyber attacks that have hit health insurance companies. Earlier this year, Anthem announced a major data breach, which had affected some 80 million consumers throughout the country. Insurers may have to become more aggressive when it comes to security if they want to protect the information of their customers more effectively.
Major gap in security strategies. This is a great article and it highlights the new reality of cybersecurity: it is impossible to fully prevent a data breach. If a cybercriminal has enough motivation, he will get into your network. With that why aren’t health insurance companies shifting their tools and resources to put a greater emphasis on detecting an active breach? The new breed of active breach detection finds a post-intrusion data breach by the operational activities an attacker must perform once inside your network. Admittedly, active breach detection is still not well known, but it’s amazing that health insurance execs aren’t clamoring for a new approach to deal with breaches. Clearly the traditional one is not sufficient.