• TREND MICRO
  • ABOUT
Search:
  • Latest Posts
  • Categories
    • Android
    • AWS
    • Azure
    • Cloud
    • Compliance
    • Critical Infrastructure
    • Cybercrime
    • Encryption
    • Financial Services
    • Government
    • Hacks
    • Healthcare
    • Internet of Everything
    • Malware
    • Microsoft
    • Mobile Security
    • Network
    • Privacy
    • Ransomware
    • Security
    • Social Media
    • Small Business
    • Targeted Attacks
    • Trend Spotlight
    • Virtualization
    • Vulnerabilities
    • Web Security
    • Zero Day Initiative
    • Industry News
  • Our Experts
    • Ed Cabrera
    • Rik Ferguson
    • Greg Young
    • Mark Nunnikhoven
    • Jon Clay
    • William “Bill” Malik
  • Research
Home   »   Consumer   »   What You Need to Know about the CareFirst Breach

What You Need to Know about the CareFirst Breach

  • Posted on:May 21, 2015
  • Posted in:Consumer, Data Privacy, Hacks, Healthcare, Security
  • Posted by:Christopher Budd (Global Threat Communications)
0

On May 20, CareFirst BlueCross BlueShield announced that they were the victim of a data breach in June 2014 that affects 1.1 million current and former customers.

According to CareFirst, the data breach affects:

  • member-created user names
  • members’ names
  • members’ birth dates
  • members’ email addresses
  • subscriber identification number.

The data breach does not affect:

  • members’ passwords
  • members’ Social Security numbers
  • members’ medical claims
  • members’ employment
  • member’s credit card
  • member’s financial information

This means that the main risks that those affected face are an increased risk of spam/phishing attacks from attackers using the stolen information.

However there is another risk that everyone needs to be aware of: the risk of increased spam and phishing attacks that leverage concern around this situation.  And CareFirst’s response has, unfortunately, made the attackers’ jobs easier.

CareFirst has put up a new website to provide information about this attack. Unfortunately, this new website can facilitate spam and phishing attacks for two reasons:

1. It uses a new, custom URL that’s not the main carefirst.com domain.

image 1

 

2. Currently, it does not support SSL by default.

 

image 2

And in fact the current certificate for the site doesn’t actually match the carefirstanswers.com domain.

 

image 3

Taken together, the well-intentioned Carefirst information site makes it easy for attackers to set up competing scam sites using other plausible sounding domains, direct concerned people to the site, instruct them to provide personal information to register for their free credit monitoring and then harvest that information for malicious purposes. In fact, if a scam site were to do this using SSL, it would seem MORE secure and legitimate than the official Carefirst site.

What you can do to protect yourself is if you’re concerned about this situation, don’t go to any website other than the official Carefirst site: www.carefirst.com.

image 4

 

This site does redirect to https://member.carefirst.com but you can verify that you’re on the official site by verifying the SSL certificate.

image 5

Once on the official Carefirst site, you can get further information on the situation and what you can do.

This attack continues the trend that we outlined in our Q1 2015 Security Roundup for major healthcare related data breaches in the United States. Based on that, we’re reaching a point where everyone should be extra watchful of activity involving their personal and financial information. This data breach actually occurred 11 months ago, which means that attackers have had this information that long without the victims knowing it. There likely are other data breaches that have happened or are happening that we don’t know about yet.

In addition to increased vigilance, using security products that have robust antispam and antiphishing capabilities like Trend Micro™ Internet Security can also help protect against these sorts of attacks.

Please add your thoughts in the comments below or follow me on Twitter; @ChristopherBudd.

Related posts:

  1. Hackers breach University of Wisconsin database
  2. Nokia’s swift response to data breach indicates corporations are learning from recent history
  3. Debunking Breach Myths: Who is Stealing Your Data?
  4. Yahoo Breach: It’s Time to Keep Those Passwords Safe

Security Intelligence Blog

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits

Featured Authors

Ed Cabrera (Chief Cybersecurity Officer)
Ed Cabrera (Chief Cybersecurity Officer)
  • Ransomware is Still a Blight on Business
Greg Young (Vice President for Cybersecurity)
Greg Young (Vice President for Cybersecurity)
  • Not Just Good Security Products, But a Good Partner
Jon Clay (Global Threat Communications)
Jon Clay (Global Threat Communications)
  • This Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Mark Nunnikhoven (Vice President, Cloud Research)
Mark Nunnikhoven (Vice President, Cloud Research)
  • Twitter Hacked in Bitcoin Scam
Rik Ferguson (VP, Security Research)
Rik Ferguson (VP, Security Research)
  • The Sky Has Already Fallen (you just haven’t seen the alert yet)
William
William "Bill" Malik (CISA VP Infrastructure Strategies)
  • Black Hat Trip Report – Trend Micro

Follow Us

Trend Micro In The News

  • Advanced Cloud-Native Container Security Added to Trend Micro's Cloud One Services Platform
  • Trend Micro Goes Global to Find Entrepreneurs Set to Unlock the Smart Connected World
  • Winners of Trend Micro Global Capture the Flag Demonstrate Excellence in Cybersecurity
  • Companies Leveraging AWS Well-Architected Reviews Now Benefit from Security Innovations from Trend Micro
  • Trend Micro Announces World's First Cloud-Native File Storage Security
  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © 2017 Trend Micro Incorporated. All rights reserved.