Phishing Incident at CareFirst BCBS Affects 6,800 Plan Associates

CareFirst Blue Cross Blue Shield is warning 6,800 of its plan associates that some of their protected health information (PHI) may have been accessed by unauthorized individuals as a result of a successful phishing attack on one of its employees.

Phishing attacks are carried out to obtain confidential information such as email credentials. Those credentials are then used to access sensitive data or carry out further attacks on an organization.

The CareFirst phishing incident was discovered on March 12, 2018. A single employee was tricked into disclosing email account credentials, and the attackers used those credentials to access the email account and send spam emails to an email contact list. The recipients of those emails were not linked to CareFirst.

CareFirst’s security team carried out a full analysis of the email and a forensic examination of its systems, and a third-party cybersecurity firm also assisted with the investigation into the attack. The investigation of the original phishing message showed that no malware had been installed, and no malicious software was transmitted to any of the associates in the email account.

The in-house and third-party investigations did not uncover evidence to suggest any emails in the account were accessed, although the possibility could not be ruled out with complete confidence. Several of the emails in the account contained the PHI of associates, including dates of birth, names, and member ID numbers. No financial data or medical information was present in any of the emails in the account. CareFirst reports that of the 6,800 associates affected, just 8 Social Security numbers were exposed.

Although the risk of the data being used for malicious purposes is small, out of an abundance of caution, all individuals affected by the breach have been offered 2 years of free credit monitoring and identity theft protection services.

The incident shows that even with security awareness training, employees can still be deceived by phishing emails. CareFirst states it provides annual training sessions on information security for all employees. Additionally, an ongoing security awareness program helps maintain awareness of phishing and other security threats.