Maryland’s Biggest Insurer Affected with Phishing Exposing Members’ Information

The biggest health insurer in Maryland reports a phishing scam may've leaked the personal data belonging to almost 7,000 members.

According to the company CareFirst BlueCross BlueShield, the e-mail A/C of an employee had been hijacked on March 12 that possibly enabled the hacker to access date of birth, ID numbers and names of no more than 6,800 people insured. According to the insurer, whilst social security numbers possibly got compromised within 8 instances, there hadn't been any compromise of financial/medical information.

Phishing scams involve spurious e-mails and fake online sites for duping people into revealing their private info. CareFirst stated a phishing attempt compromising the employee's e-mail followed with that account being utilized for distributing electronic mails to people unrelated to CareFirst. On March 30, security experts stated the information impacted with the "Under Armour" hack seemed more-or-less harmless, albeit according to them, people should remember making use of hard-to-guess passwords.

A team of information security personnel from CareFirst along with an intermediate information security company forensically examined the foremost phishing e-mail as well as the ensuing spam mails. An analysis was also done of the whole system of CareFirst, while there wasn't any clue of other dubious operations else malicious software. The targeted electronic mail account of the employee was reconfigured. Baltimoresun.com posted this, March 30, 2018.

Albeit there wouldn't be much utilization of the information reached at via the targeted e-mail A/C, while there's also little clue that member details of CareFirst had been misused, the insurer has promised to provide credit monitoring services along with ID-theft protection free of cost to those impacted the next 2-yrs. CareFirst would directly contact potentially impacted members about their enrollment for the free service.

CareFirst maintains an all-inclusive information security scheme while staff members are required for taking yearly compulsory training of information security. The country's largest health insurer is conducting a program of security awareness among its working staff that imparts education to them regarding cyber attack techniques for which they must stay watchful.

» SPAMfighter News - 4/6/2018