The fallout from the massive February 2024 cyberattack against Change Healthcare continues more than a year later. CareFirst BlueCross BlueShield of Maryland is the latest company to sue over the data breach.
The lawsuit, filed in a Maryland state court in late February, alleges that the UnitedHealth Group subsidiary’s cybersecurity standards were insufficient to prevent the attack. The Russian ransomware group responsible for the cyberattack used stolen credentials to remotely access a company portal that didn’t have multifactor authentication. CareFirst is seeking $900,000 in damages, along with interest and attorney fees.
Complete your profile to continue reading and get FREE access to BenefitsPRO, part of your ALM digital membership.
Your access to unlimited BenefitsPRO content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Breaking benefits news and analysis, on-site and via our newsletters and custom alerts
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical converage of the property casualty insurance and financial advisory markets on our other ALM sites, PropertyCasualty360 and ThinkAdvisor
Already have an account? Sign In Now
© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
