Skip to Content


CareFirst BlueCross BlueShield Data Breach – Class Action Investigation

April 19, 2021 by  

Ahdoot  Wolfson is investigating reports of a malware data breach impacting CareFirst BlueCross BlueShield Community Health Plan District of Columbia (“CareFirst”). CareFirst reported that it recently notified over 200,000 plan members that their data was compromised and potentially stolen after a cyberattack in January 2021.

CareFirst’s investigation to date has revealed that the attackers were likely part of a foreign cybercriminal enterprise. Breach victims include CareFirst enrollees, current and former employees, providers who received payments from the insurer, and Medicaid enrollees. The compromised data included full names, contact details, dates of birth, Social Security numbers, Medicaid identification numbers, medical information, claims data, and some clinical information.

For affected providers and Medicaid enrollees, the data included names, business addresses, and Social Security numbers or tax identification numbers. For employees, the data involved names, contact information, dates of birth, and Social Security numbers.

CareFirst’s failure to protect the sensitive health and personally identifying information of its customers, providers, and employees may be a violation of consumer protection and data privacy laws.

If you believe you have been impacted by the CareFirst data breach, or if you have received a notification letter from CareFirst indicating that your information was impacted by the breach, please contact Ahdoot & Wolfson by submitting your information in the contact form below.

CareFirst Data Breach Intake Form