Another major health-insurer hack attack, China again snooper of interest

CareFirst BlueCross BlueShield, which serves the Washington, D.C., area, has reported a hack into a database containing 1.1 million customer records.

According to the company, the breach occurred in June 2014 and was discovered while CareFirst was beefing up IT security in the wake of massive intrusions into IT systems at Anthem and Premera BlueCross earlier this year. CareFirst said it hired Mandiant, the cyber-forensics unit of computer security company FireEye, to lead the effort.

Chet Burrell, CareFirst’s CEO, said in an online video and statement that the hackers did not get their hands on any member Social Security numbers, medical claims information or financial information. He said the company will offer customers free credit monitoring and identity-theft protection for two years “even though the information in question would be of limited use to an attacker.”

The development has drawn wide media attention. While no hard evidence has betrayed a prime suspect, suspicions quickly turned to China, widely believed to have been behind the Anthem and Premera hacks.

A USA Today story stated that industrial spying by China “is well known” and noted the locale of the latest victim insurer and its customer base in and around the nation’s capital, with its heavy concentration of government and military personnel.

Newsweek’s Daily Beast came right out and headlined its coverage “Chinese Hackers Hit 1.1M BlueCross BlueShield Members.”

The Wall Street Journal quoted a Chinese Embassy spokesman in Washington as saying, “Cyberattacks conducted across countries are hard to track and therefore the source of attacks is difficult to identify. Jumping to conclusions and making hypothetical accusations is not responsible and counterproductive.”