200,000 Washington D.C. Health Plan Members have PHI Stolen

Following a cyberattack in which protected health information was stolen, CareFirst BlueCross BlueShield Community Health Plan District of Columbia (CHPDC) is alerting its impacted clients.

Previously known as Trusted Health Plans,  CHPDC first identified a that a breach had taken place on its computer databases systems on January 28, 2021. The Washington D.C-based health plan moved swiftly to mitigate damage and isolate the impacted computers in order to safeguard its network to stop additional unauthorized access and the cybersecurity company CrowdStrike was contracted to look into all possible damage inflicted during the breach in question.

Following the investigation, CrowdStrike were able to confirm that protected health information was illegally taken by the group of cyber criminals, who were most likely a group of foreign-based cyber criminal group. CHPDC was able to confirm that any person who had ever been a client of CHPDC has been impacted by the breach, as well as current and former members of staff.

The range of data affected in the breach incorporates full names, address details, telephone contact details, birth dates, Social Security information, Medicaid information, medical data, claims information, and a restricted amount of clinical information. The breach has been made known to the Department of Health and Human Services’ Office for Civil Rights as affecting 200,665 people.

CrowdStrike are currently help companies to secure CHPDC systems and a series of steps were quickly implemented taken to improve security in order to stop similar breaches from taking place going forward. All passwords have been amended, CHPDC disabled processes that share information with their business partners, and the Internet and dark web are being closely monitored for any signs of improper of member data.

Due to the fact that protected health information has fallen into the hands of hackers, all impacted individuals are offered the chance to avail of free identity theft protection and credit monitoring services for a period of two years, which includes insurance and identity theft restoration solutions.