CareFirst Data Breach: Sensitive Information of Customers Leaked Online


For the third time in the past six years, cybercriminals have targeted CareFirst BlueCross BlueShield Community Health Plan District of Columbia (CHPDC). The insurance provider issued a written statement disclosing a data breach of one of its databases, which occurred on January 28.

CHPDC’s managed IT service provider alerted CHPDC to abnormal behavior impacting CHPDC systems. Given its long history with cyber-attacks, the insurance provider immediately decided to engage cybersecurity group CrowdStrike to identify the source of the leak, and also notified both the FBI and the Office of the Attorney General for the District of Columbia.

Unfortunately, hackers were able to gain access to a database and stole sensitive information including names, addresses, contact numbers, dates of birth, and Medicaid identification numbers. After the examination, CHPDC suggested the attack was likely carried out by a ‘sophisticated, foreign cybercriminal gang’ and said it was premature to say how many clients had been affected.

“We’ve taken immediate steps to limit the impact of the attack and protect and secure our systems and the information of our enrollees. We’re angry and troubled that anyone would target our enrollees. We’re taking aggressive action on behalf of all those we serve to ensure they are supported and notified as more information becomes available,” George Aloth, CEO of CHPDC, stated.

The company has decided to provide two years of free credit and identity theft monitoring, along with a website with information on data breaches, to all enrolled clients affected by this data breach.

The 2014 cyber-attack on CHPDC was one of the largest healthcare breaches ever reported; nearly 1.1 million customers were affected. Threat actors targeted a single database that contained information about CareFirst members and others who accessed its websites and services. CareFirst learned of the data breach on April 21, 2015, nearly one year later, after it hired Mandiant, a leading cybersecurity company.

In October 2020, the FBI, the Department of Health and Human Services (HHS), and the Department of Homeland Security’s Cybersecurity and Infrastructure Agency (CISA) warned that cybercriminals were stepping up ransomware attacks on health sector groups, as these organizations were involved in COVID-19 treatment and research.

RansomExx Gang Targets French Health Insurance Company in a Ransomware Attack


Mutuelle Nationale des Hospitaliers (MNH), a French health insurance company, has been hit by a ransomware attack that has severely affected the company’s operations. MNH provides health insurance services and has plans focused on the health sector.

The company’s website displays a notice stating that it has been affected by a cyberattack that began on February 5. Due to this attack, the computer system and telephone services are unavailable. Members of the insurance company use the MNH website to design insurance quotes or to manage services and benefits.

Gerard Vuidepot, CEO of MNH, stated that “the MNH has been undergoing a cyber-attack since Friday, February 5, 2021. Computer systems have been disconnected for security reasons. Our websites (, member area, corresponding and elected extranets) and our telephone platform (3031) are temporarily unavailable. The processing times for your requests are being extended”.

According to BleepingComputer, an independent security expert shared a Tor web page that acts as a ransom negotiation page for the MNH attack that connects to the website. The page explains how the cybercriminals will negotiate with the firm, advises MNH to use a ProtonMail account while negotiating, and warns it not to contact the police, claiming that the police would seize its bank accounts.

The site provides the ability to send a single email to the ransomware gang and perform test decryption of a single file. According to BleepingComputer, this Tor site is operated by ‘RansomExx’, a rebranded version of the Defray777 ransomware. This ransomware group has been operating since 2018. After it changed its name to RansomExx in June 2020, its modus operandi became more potent, and it is now targeting high-profile companies.

Some of the high-profile organizations targeted by the RansomExx group in the past include the Texas Department of Transportation (TxDOT), Konica Minolta, Brazilian government networks, IPG Photonics, and Tyler Technologies. RansomExx has also designed its own Linux version to make certain that it can target all critical servers and data in a firm.