Andrea Peterson of The Washington Post reports there was a cyber attack on CareFirst exposing 1.1 million customers data in Washington DC, Virginia, and Maryland (emphasis added):

CareFirst BlueCross BlueShield was the victim of a cyberattack that compromised information on about 1.1 million current and former customers, the health insurer that covers residents of D.C., Maryland and Virginia announced Monday.

Several major health insurers have disclosed significant breaches this year, including Anthem, the nation’s second largest health insurers, which revealed that data on nearly 80 million customers was compromised.

The CareFirst attack occurred in June 2014, according to a Web site set up by the insurer. The company said its cyber-security team thought it had fended off the attack at the time, but a recent review discovered that the attackers had gained access to the usernames that customers created on its Web site as well as their real names, birth dates, e-mail addresses and subscriber identification numbers.

The company said it first learned that data on customers was accessed nearly a month ago, on April 21, during the course of a review of its systems by cybersecurity firm Mandiant. CareFirst said it did not disclose the discovery until now so it could complete its investigation of the incident.

The medical industry is increasingly becoming a major target for cyber attacks.