Hackers may have breached a database with information on 1.1 million customers of CareFirst BlueCross BlueShield, a health insurer operating in Maryland, Virginia and the District of Columbia.
The breach happened last June, when hackers targeted a database that contained information customers used to log on to CareFirst's website, the not-for-profit health insurer said in a statement Wednesday.
They may have obtained names, birth dates, e-mail addresses and subscriber identification numbers, the insurer said. The database didn't have passwords, Social Security numbers, credit card information or medical records.
CareFirst said a review by the security firm Mandiant Corp. didn't find evidence of any other breaches.
Hackers are increasingly targeting medical information, in particular from health insurers, which can offer a wealth of data including health, financial and identity information.
In February, the health insurer Anthem Inc. said hackers accessed data on about 80 million people. In March, Premera Blue Cross, which operates in the northwestern U.S., said information on 11 million people may have been exposed.
To protect customers, CareFirst said it will offer victims two years of credit and identity theft monitoring. It's also asking them to set up new user names and passwords.