CHPDC Cyberattack FAQs

On January 28, 2021, CareFirst Community Health Plan District of Columbia (CHPDC), formerly Trusted Health Plan learned that someone attacked our computer systems. They stole personal information. We immediately called in the expert computer security company, CrowdStrike, who assisted us in taking a series of steps designed to further protect personal information, including changing every password, monitoring for signs of data misuse, and finding out how the attack happened to avoid it from happening again.

We reported the incident to the Federal Bureau of Investigation and working with CrowdStrike, started our own inquiry. We believe that a foreign cybercriminal group was likely responsible.

The information of anyone who has been an enrollee of CHPDC is impacted by the incident. Current and former employees of CHPDC are impacted. Providers who received payment from CHPDC for services provided to D.C. Medicaid enrollees may also be affected by this incident.

The attackers may have gained access or taken personal information such as your full name, address, telephone number, date of birth, Social Security number, Medicaid identification number and medical information. This included claims information and in limited instances clinical information.

The attackers may have gained access to the following personal and / or business information about you: full name, business address and Social Security number or tax identification number, whichever number you use for tax purposes.

The attackers may have gained access or taken current and former employees the following personal information: full name, address, date of birth and Social Security number.

The attackers may have gained access to or taken your business name, business address and Social Security number or tax identification number, whichever number you use for tax purposes.

Yes, we are offering two years of free credit monitoring and identity theft protection services to those individuals affected through Experian’s® IdentityWorks℠. Affected individuals will receive a letter from us. That letter will contain a personalized code that will be used to access the free protection services. If you have received a letter, you can click on the link at Free Credit Monitoring tab above to enroll or call Experian at (855) 347-6549.

Again, you must have the personalized code contained in your notification to enroll. You will not be able to enroll at the number above until you have received a letter with your personalized code.

Yes - dependents under 18 who are affected will receive a letter in care of the parent or guardian notifying them and detailing how to enroll in Experian’s® IdentityWorks℠ service. If you have received a letter, you can click on the link at Free Credit Monitoring tab above to enroll or call Experian at (855) 347-6549.

These services are free of charge and do not require a credit card or other financial information to enroll.

You can enroll once you receive a letter with your personalized code.

If you have received a letter, you can click on the link at Free Credit Monitoring tab above to enroll or call Experian at (855) 347-6549.

We have established a process to provide you with access to credit monitoring and identity theft protection if you were impacted by the cyberattack but did not receive a letter. Click on the tab labeled "Didn't Get a Letter?" There, you will see a substitute notice letter for individuals who did not receive a letter in the mail. Follow the instructions in the notice to receive via email the personalized code necessary to enroll in the protections offered. You may also contact Experian directly at (855) 347-6549 and tell them you believe you were affected by the cyberattack and did not receive a letter.

No - We are committed to protecting your privacy. We will not contact you by email, text or phone about this event. If you receive inquiries by phone, text, email or social media that say they are about this event, they are not from us. Do not click on any links or attachments in email messages or provide any personal information in response.

If you have questions, please call us at 202-821-1100. You can also reach us by email at  chpdcanswers@carefirst.com or by mail at CHPDC Privacy Office, P.O. Box 14858, Lexington, KY 40512.

No. The information potentially accessed as a result of the attack was limited to CHPDC.

If you receive a ransom email or text, never click on any links, download or open any files included in the message. These emails or texts may be used by attackers to attempt to harm your computer or device or further a cyberattack against you.

You should also never respond to ransom emails, texts of phone calls or attempt to engage with the senders of a ransom note under any circumstances. You should delete any texts or emails from your computer or device, including your trash folder.

CareFirst CHPDC

Community Health Plan
District of Columbia
DHCFGovernment of the District of Columbia