WASHINGTON – U.S. Sen. Mark R. Warner provided a variety of useful resources and an online form on his Senate website for Virginians potentially impacted by the cyberattack targeting health insurer CareFirst BlueCross BlueShield to contact his office for assistance.  CareFirst, which operates in Virginia, Maryland, and the District of Columbia, announced late yesterday that 1.1 million of its customers had been victims of a June 2014 data breach – first uncovered by the insurer a month ago and publicly disclosed on Wednesday – that exposed some personal information, including names, email addresses, birthdates, and online user names used to access CareFirst’s website.

CareFirst has said that database the hackers accessed did not contain members’ Social Security numbers, medical records, employment, credit card or financial information, and that the company is working with the Federal Bureau of Investigation to determine who is behind the breach.

A new link prominently posted on Sen. Warner’s homepage directs Virginians to the latest information from CareFirst, and provides relevant consumer information on identity theft and ways to protect yourself from cyberthieves. CareFirst has established a website, www.carefirstanswers.com, where affected members can access information about the breach. Sen. Warner’s website also provides links to useful information about protecting yourself against, or responding quickly to, the theft of your personal and financial information. The Senator’s resource page also includes a form for constituents to use seeking additional help from his office in the wake of the CareFirst data breach. 

“Unfortunately, the cyberattack against CareFirst is just the latest example of data breaches that have already hit millions of Americans,” Sen. Warner said. “This is a serious problem that isn’t limited to the health care industry – consumers remain extremely vulnerable to hacks targeting their banks, retailers, and employers. We need to see more cooperation between the public and private sectors in securing data and reporting of suspected breaches to law enforcement. We also have to ensure that adequate technology investments are made to better protect our privacy and other sensitive personal information.”

Sen. Warner continued, “It’s why I will continue to work with my colleagues on legislation that would set minimum data security standards to protect consumers and require timely notification of customers whose personal information is compromised.”

CareFirst is the third major U.S. health insurer to announce this year that its computer systems had been breached by hackers, potentially compromising customer information. Federal officials continue to investigate reported hacks against health insurers Anthem – Virginia’s largest health insurer – and Premera Blue Cross earlier this year that exposed the personal information of 79 million and 11 million customers respectively.

Anthem is Virginia’s largest health insurer, and in the wake of the hack targeting the company, Sen. Warner urged consumers to protect their personal information and to be wary of scammers targeting customers with phishing emails claiming to be from Anthem in an attempt to gain access to a user’s computer and personal information.

On February 3, 2014, Sen. Warner chaired the first hearing in Congress in the aftermath of the Target breach.  On the heels of that hearing, Sens. Warner and Mark Kirk (R-IL) called for the private sector to cooperate in creating Information Sharing and Analysis Centers (ISACs) to share information on data breaches, something the retail and financial services industries now have pursued on a voluntary basis. Additionally, Sens. Warner and Kirk introduced legislation in the last Congress to strengthen consumer protections for debit cardholders by capping liability for fraud at $50, the same amount as for credit cards.  Sen. Warner currently is working on legislation to require enhanced private sector data security measures and consumer breach notification.

In addition, Sen. Warner successfully amended The Intelligence Authorization Act of 2015 last December directing the President to address problems related to cyber criminals known to be operating in Ukraine, which international law enforcement authorities have identified as a major center for hackers and cyberthieves.  The Warner Amendment encouraged the President to take steps to make America safer from cybercrimes emanating from Ukraine, including improved intelligence and law enforcement cooperation, improved extradition procedures to ensure that cybercriminals face justice after causing damage to American  consumers.

Sen. Warner is currently preparing to introduce data breach legislation that would create a comprehensive, nationwide and uniform data breach standard requiring timely consumer notification for breaches of financial data and other sensitive information.