Customers sue CareFirst following cyberattack

CareFirst BlueCross BlueShield has become the latest insurer to be slapped with a lawsuit following a cyberattack that compromised its customers' sensitive information.  

The proposed class-action lawsuit filed in U.S. District Court by two CareFirst customers alleges that the insurer failed to protect customers' information after it became aware of security weaknesses during last year's cyberattack, reports the Baltimore Sun. The suit says damages resulting from the incident exceed $5 million.

In May, the insurer announced that it was the target of a cyberattack that compromised information of about 1.1 million current and former consumers, as well as individuals who conducted business with the company online. Hackers first gained access to the single encrypted database on June 19, 2014.

Around the same time of CareFirst's announcement, Premera Blue Cross said that hackers gained access to personal information of nearly 11 million customers. Additionally, earlier this year, Anthem was the target of a large attack that compromised personal information for roughly 80 million individuals. At least 26 individuals have sued Anthem over its breach.

When CareFirst announced the breach, it said it would give affected customers two years of credit monitoring and identity theft protection services, FierceHealthIT previously reported.

At the time, CareFirst said that no Social Security numbers, medical claims information and financial information were at risk during the attack, as it affected individuals who created profiles prior to the aforementioned date.

For more:
- here's the Baltimore Sun article