A cyberattack on CareFirst BlueCross BlueShield Community Health Plan District of Columbia (CHPDC) resulted in the theft of CHPDC members’ protected health information (PHI).
CHPDC, formerly called Trusted Health Plans, found out that its computer networks had been breached on January 28, 2021. The health plan located in Washington D.C immediately isolated the compromised computers and secured its network to prevent the attacker from further access. CHPDC sought the assistance of cybersecurity firm CrowdStrike to investigate the security breach.
CrowdStrike’s investigation results showed that the attackers were most likely a global cybercriminal group. The attackers exfiltrated PHI and affected those who had registered with CHPDC, which include current and former employees.
The types of data stolen in the attack include: full names, Social Security numbers, birth dates, phone numbers, addresses, health-related information, Medicaid numbers, claims information, and some clinical information. The breach report submitted to the Department of Health and Human Services’ Office for Civil Rights indicated that 200,665 people were affected.
CrowdStrike provides assistance in securing CHPDC systems and adopted the following measures to enhance security to avoid other breaches from occurring again.
- Changing of all passwords
- Discontinuing operations that share information with business associates
- Close monitoring of the internet and dark web to detect misuse of member information.
Since cybercriminals got access to PHI, CHPDC offered complimentary two-year identity theft protection and credit monitoring services, and insurance to the affected individuals.