CareFirst Administrators Data Breach Investigation

Turke & Strauss LLP, a leading data breach law firm, is investigating CFA, LLC, which does business as CareFirst Administrators, regarding its recent data breach. The CareFirst Administrators data breach involved sensitive personal identifiable information and protected health information belonging to an unknown number of individuals.


CareFirst Administrators is a third-party healthcare administrator that specializes in administering health benefits. Founded more than 35 years ago, CareFirst Administrators partners with the Blue Cross Blue Shield Association, a large federation of health insurance companies, to provide employers with customized healthcare programs and plans. Accordingly, CareFirst Administrators prides itself on paying claims and offering a wide range of funding options. In addition to working with employers, CareFirst Administrators also conducts business with benefits brokers and these brokers’ clients. Headquartered in Baltimore, Maryland, CareFirst Administrators works with customers throughout Maryland, D.C., and Northern Virginia.


On March 21, 2022, Conifer Value-Based Care, LLC, a vendor of CareFirst Administrators, discovered that it had experienced a data breach in which the sensitive personal identifiable information and protected health information in its systems may have been accessed. Through its investigation, Conifer Value-Based Care determined that an unauthorized actor may have accessed this sensitive information between March 17 and March 22, 2022. Furthermore, Conifer Value-Based Care concluded that this breach of information was the result of a phishing scam. On November 22, 2022, CareFirst Administrators began notifying individuals whose information may have been impacted. The type of information exposed includes:

  • Name
  • Social Security number
  • Date of birth
  • Health insurance information
  • Medical information (such medical record number, provider name, prescription/medication, or diagnosis and treatment information)
  • Billing and claims information

If you received a breach notification letter from CareFirst Administrators or Conifer Value-Based Care:

We would like to speak with you about your rights and potential legal remedies in response to this data breach. Please fill out the form, below, or contact us at (608) 237-1775 or

If you were impacted by the CareFirst Administrators data breach, you may consider taking the following steps to protect your personal information.

  1. Carefully review the breach notice and retain a copy;
  2. Enroll in the free credit monitoring service provided by CFA, LLC or Conifer Value-Based Care, LLC;
  3. Change passwords and security questions for online accounts;
  4. Regularly review account statements for signs of fraud or unauthorized activity;
  5. Monitor credit reports for signs of identity theft; and
  6. Contact a credit bureau(s) to request a temporary fraud alert.

Share This Post: