CareFirst hit by cyberattack affecting 1.1 million members

Last night it was reported that CareFirst was targeted by a cyber-attack that impacted approximately one-third of their entire membership.  This breach was specific to members that had actually created an account on the CareFirst website that allows members to view claims, order ID cards, check HSA balances, etc. 

Due to this breach, members that were impacted and now attempt to log in to their accounts will be prompted to change both the username, password and security questions before proceeding. 

In an effort to provide information and updates regarding the breach, CareFirst has established a dedicated website ( 

Members affected by this breach will be offered two free years of credit monitoring and identity theft protection.  More information regarding this will be distributed to members.  Members can continue to check the above website for additional details on this in the days to come.  

Click here to read a related article.