The protected health information (PHI) of around 30,063 Florida Blue (Blue Shield of Florida and Blue Cross) members may have been viewed or acquired during a brute force attack on Florida Blue's online member portal.
Beginning on June 8, 2021, unidentified persons carried out a brute force campaign against the portal, using a large database of user identifiers and matching passwords that was available from internet sources in an effort to gain access. The database appears to have been compiled from data breaches at third-party organizations in which username and password combinations were compromised.
Florida Blue states that a number of those automated attempts succeeded and the attacker obtained access to data contained in online member accounts. This data typically included names, contact details, claims data, payment data, medical insurance policy data, and other personal data.
Although the attacker gained access to accounts, Florida Blue did not find any evidence that the attacker removed any information from those accounts.
Attacks like this emphasize the importance of using strong, unique passwords for all web-based accounts. That way, if one platform is breached, the exposed password cannot be used to access other accounts.
Florida Blue said that upon discovering the brute force attack, the health plan took steps to block the attacker's IP addresses. It also implemented new security measures to strengthen the security of its website and stop more attacks like this.
Florida Blue began sending notification letters to affected members on June 30, 2021. Impacted members were instructed to be alert and to check their accounts for any indication of malicious activity, such as unauthorized transactions.
As a safety measure against identity theft and fraud, the impacted members received a free 2-year membership to identity theft protection, detection, and resolution services through Experian.