CareFirst Data Breach Exposes Millions of Records

Jennifer Gladstone



Being proactive when it comes to information security is essential. One of the nation’s largest health insurers is showing us that constant diligence can prevent a hack job from going from nuisance to disaster.

CareFirst Blue Cross and Blue Shield recently announced that personal information from more than a million customers had been hacked. On the surface that sounds horrific. But there are silver linings in this story. First, the information that was stolen was mainly names, birth dates, email addresses and insurance ID numbers. While no one wants this info on the open market, these identifiers are a lot less helpful to would-be identity thieves than Social Security numbers, credit card numbers, passwords and medical information. Even so, the company is going to offer free credit monitoring and identity theft protection for two years for all of the people involved.

The most interesting thing about this hack is how it was found. In June of 2014, CareFirst detected a problem in its system, located it and dealt with the threat. But it turns out the hackers had left behind hidden backdoors that survived the “fix” and would let them back into the system later, undetected.

This second attack could have gone unnoticed for a long time, except CareFirst decided to be proactive. After hearing about attacks on other insurance providers, they hired a company to do a thorough sweep of their system. That’s when they found the breach and got the FBI involved.

This event shows once again that it takes constant diligence to maintain a safe network. It’s something we take very seriously here at EBI, and it’s the reason we work so hard to maintain our ISO 27001:2005 certification for Information Security. We protect the confidentiality, integrity and availability of all personally identifiable information in our care. Whether you run a huge insurance provider or a background screening firm, it takes constant monitoring and continual improvement to keep systems secure.


Employment Background Investigations is a technology-driven leader in domestic and global pre-employment background checks, drug testing, occupational health screening and I-9 compliance. We specialize in development, implementation and management of customized employment screening programs for large and multi-national clients. We are dedicated to information security. EBI is the only NAPBS Accredited background screening company in the world to hold both an ISO 27001:2005 certification for information security and an ISO 9001:2008 certification for Quality Management.

All content provided by EBI is published for the convenience of its readers and should never be deemed as legal guidance or advice. Always consult your legal counsel for specific advice on state laws and industry regulations.


Posted By: Jennifer Gladstone

Jennifer Gladstone is a news anchor and journalist with more than 20 years of experience in front of the camera. She's worked in several markets, large and small, and has performed nearly every task needed in a newsroom. As EBI’s Screening News Editor, she keeps EBI’s customers and blog subscribers up to date on the latest screening news and legislative alerts affecting companies of all sizes.