Cybersecurity Attack

CareFirst BlueCross Blue Shield Community Health Plan District of Columbia Target of Cybersecurity Attack

Washington, D.C. - CareFirst BlueCross BlueShield Community Health Plan District of Columbia (CHPDC), formerly Trusted Health Plan (District of Columbia), today announced that it was the target of a cybersecurity attack. Initial indications are that the attack was from a sophisticated, foreign cybercriminal enterprise. The company has notified the Federal Bureau of Investigation (FBI) and the Office of the Attorney General for the District of Columbia. Preliminary assessments suggest that the attack was limited to CHPDC. Early analysis also indicates that members of other CareFirst BlueCross BlueShield companies, the Federal Employees Program (FEP) and Federal Employees Health Benefits Plan (FEHBP) were not affected by this attack. There is no impact to the health insurance services members and enrollees receive from any CareFirst company including CHPDC or the ability to see a doctor for treatment.

"We've taken immediate steps to limit the impact of the attack and protect and secure our systems and the information of our enrollees," said George Aloth, CEO of CHPDC. "We're angry and troubled that anyone would target our enrollees. We're taking aggressive action on behalf of all those we serve to ensure they are supported and notified as more information becomes available."

On January 28, CHPDC's managed IT service vendor notified CHPDC of abnormal behavior impacting CHPDC systems. CrowdStrike, a leading global cybersecurity firm, was engaged and took immediate steps to mitigate the incident.

It is too early to know how many CHPDC enrollees or what specific data elements may have been impacted. Analysis of the data is ongoing and will continue. CHPDC will continue to update its partners and affected CHPDC enrollees and families as new information becomes known.