Help Us Protect Member Information

Cybersecurity Notice for Our Healthcare Delivery Partners

As healthcare professionals, we are all stewards of personal health information (PHI) and other confidential data in our jobs. In light of geopolitical tensions in Europe, the United States government has issued several advisories of heightened risk of cyberattacks. Healthcare organizations are often among the most targeted groups for attacks. Therefore, we want to call your attention to some best practices so we can work together to protect data and information technology in the communities we serve.

  • Know and follow your organization’s security policies and procedures.
  • Work with your IT team to frequently update and run anti-virus software.
  • Create and update complex passwords; consider enabling multifactor authentication on devices where possible.
  • Be aware that cyber criminals sometimes send emails that can compromise your information systems. Be cautious about clicking embedded links or opening attachments from unknown senders. Do not forward suspicious emails to others.
  • Protect patient data by monitoring and updating who has access to the CareFirst Provider Portal and CareFirst Direct on behalf of your organization. (Refer to this interactive course on how to conduct User Access Reviews).
  • Each user must have their own user ID and password for the CareFirst Provider Portal. Do not share user IDs and passwords with coworkers.
  • When emailing with CareFirst representatives, always send PHI and other sensitive information to us securely.
  • Be sure to subscribe to our email notifications so you receive all updates in a timely manner. Listserv communications will come from or
  • Contact CareFirst’s Help Desk if you receive a potentially suspicious email from us.
  • Contact Provider Service if you are asked to provide member information from an unknown source. They can help validate the request.

Note: In compliance with federal requirements, we work with several vendors each year to collect medical records and verify practice data. Key vendors for these efforts include FIGmd/MRO, Change Healthcare, Cognisight, Carewise and Atlas. Practices are alerted to these efforts via letter and BlueLink articles. You can also reach out to your Provider Relations Representative if you have questions about any of these initiatives.

Refer to our Provider Manual for more information on CareFirst’s policies and procedures. Thank you for taking steps to safeguard shared data and technology.