Today, healthcare insurance provider CareFirst BlueCross BlueShield announced it had fallen victim to a data breach affecting 1.1 million current and former members. The announcement comes two months after Premera Blue Cross disclosed a similar breach of 11 million records.
The exposed data included names, birth dates, email addresses, and subscriber identification numbers. It did not include Social Security numbers, medical claims, employment information, or credit card data.
CareFirst said that hackers accessed a single database in June 2014; Premera's database was hit one month earlier.
Some researchers have implicated Chinese APT groups in attacks on healthcare organizations, including a campaign specifically targeting BlueCross BlueShield that might have begun as early as December 2013.
Mandiant has been hired to investigate the attack at Carefirst.