CareFirst BlueCross BlueShield Community Health Plan District of Columbia (CHPDC) is notifying its members with regards to a cyberattack that resulted in the theft of their protected health information (PHI).
CHPDC, previously known as Trusted Health Plans, discovered a breach of its computer networks on January 28, 2021. The health plan based in Washington D.C took fast action to separate the impacted computers and safeguarded its network to avoid continuing unauthorized access. CHPDC engaged the cybersecurity company CrowdStrike to look into the incident.
According to CrowdStrike’s investigation, the attackers, who were most probably an international cybercriminal group, exfiltrated protected health information, and thus any person who has been enrolled with CHPDC, including present and previous workers, were impacted.
The following types of information were stolen during the attack: full names, Social Security numbers, telephone numbers, addresses, birth dates, Medicaid numbers, health-related data, claims details, and some clinical data. CHPDC has reported the breach to the Department of Health and Human Services’ Office for Civil Rights indicating that it affected 200,665 persons.
CrowdStrike offers support in protecting CHPDC systems and the following steps were undertaken to improve security to avert identical breaches from happening again.
- All passwords were altered
- CHPDC discontinued operations that disclose data with business associates
- The internet and dark web are under close monitoring for any indications of member information misuse
Because cyber criminals obtained protected health information, CHPDC provided the impacted persons with free two-year identity theft protection and credit monitoring services, including identity theft restoration services and insurance.