CareFirst BlueCross BlueShield (CareFirst) announced that an employee fell victim to a phishing attack that compromised their email account. The affected account was used to send spam emails to an external email list.
As a result of the compromise, the personal information of 6,800 CareFirst members may have been accessed. That information includes names, member identification numbers, dates of birth, and, in a limited number of cases, Social Security numbers.
An investigation confirmed that no further accounts had been compromised, nor had there been any other suspicious activity on the systems. CareFirst provides annual mandatory security awareness training to staff. No information on additional corrective steps has been released.
Although there is no indication that financial data was compromised, the members affected are being provided with complimentary credit monitoring and identity theft protection services.
The most important line of defense against a phishing attack is the email recipient. If your staff can identify and correctly respond to a malicious email, the risk will be mitigated.
Increase staff awareness
Our Phishing Staff Awareness Course gives your staff an introduction to understanding and spotting phishing scams and helps reduce the chance that an employee will hand over confidential information or inadvertently infect your organization’s systems. The course helps employees identify phishing attacks, explains what would happen should they fall victim, and shows them how they can mitigate the threat of an attack.
To determine how vulnerable your organization is to phishing threats, consider running a Simulated Phishing Attack before committing to the staff awareness training. This service provides an independent assessment of employee susceptibility, and benchmarks your security awareness campaigns.