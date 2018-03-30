CareFirst BlueCross BlueShield said Friday it was hit by a phishing email attack that could have exposed the personal information of 6,800 of the insurer’s members.

Phishing attacks use deceptive emails and websites to convince people to disclose personal information.

The state’s largest insurer said an employee’s email account was compromised by phishing on March 12. The employee’s account was used to send emails to people not associated with CareFirst.

Even though the emails were sent too others, the attackers potentially could have accessed the personal information of 6,800 CareFirst members through the employee’s emails. The personal information that could have been compromised includes names, member identification numbers and date of birth.

In eight cases, social security numbers could have been taken. No medical or financial information was compromised.

The original phishing message and the resulting spam messages were forensically examined by CareFirst’s information security team and a third party information security firm. The insurer’s entire system also was analyzed and there was no evidence of other suspicious activity or malware, which is software that attacks computers and disables computer systems.

The employee’s email account that was attacked was reset.

There is no evidence that CareFirst member information was improperly used, but the insurer is offering free credit monitoring and identity theft protection for those affected for two years.

amcdaniels@baltsun.com

twitter.com/ankwalker