Capital BlueCross: CareFirst BCBS Security Breach

Capital BlueCross members are not impacted by this breach. Members of other Blue Cross Blue Shield Plans are not impacted by this event. BlueCard claims and FEP members are also unaffected.

On May 20, CareFirst BlueCross BlueShield (CareFirst) announced that it was a target of a sophisticated cyber-attack. The attack occurred last year, but was uncovered now as CareFirst was in the process of reviewing and upgrading its defenses to such attacks.

CareFirst, an independent licensee of the Blue Cross and Blue Shield Association, is a not-for-profit health care company which, through its affiliates and subsidiaries, serves 3.4 million individuals and groups in Maryland, the District of Columbia and Northern Virginia.

CareFirst has established a dedicated call center (888.451.6562) and website ( for members who think they may be affected and that have specific questions about the attack and the protections being offered.


The information provided herein is intended solely for the use of our clients. You may not display, reproduce, copy, modify, license, sell or disseminate in any manner any information included herein, without the express permission of the Publisher or Publishers of articles within.

The information provided is for informational purposes only and does not constitute legal advice. The information above contains only a summary of the applicable legal provisions and does not purport to cover every aspect of any particular law, regulation or requirement. Depending on the specific facts of any situation, there may be additional or different requirements. This is to be used only as a guide and not as a definitive description of your compliance obligations.