Data leak
CareFirst BlueCross BlueShield APT Breach (1.1M Members)
Incident Details
CareFirst BlueCross BlueShield, the dominant health insurer for the Washington D.C./Maryland/Virginia region, disclosed on May 20, 2015 that approximately 1.1 million members had their data accessed in an APT breach attributed to the same Chinese state-linked infrastructure used in the contemporaneous Anthem (78.8M records) and Premera Blue Cross (11M records) attacks. CareFirst had detected what it believed was a contained attack in April 2014, but the attackers had already planted backdoors enabling re-entry. The June 2014 intrusion went undetected until April 2015, when CareFirst proactively engaged Mandiant for a forensic assessment (prompted by the Anthem breach in February 2015). Exposed data included names, dates of birth, email addresses, and subscriber identification numbers, but notably NOT Social Security numbers, credit card data, passwords, or medical/claims information (a narrower scope than Anthem and Premera). The breach was part of a larger apparent Chinese intelligence operation targeting U.S. health insurance companies, possibly to build comprehensive profiles of federal government workers and contractors who have employer-provided health coverage through BCBS plans.
Technical Details
- Initial Attack Vector: Chinese APT intrusion (same infrastructure as the Anthem and Premera breaches). Attackers first compromised CareFirst's network in April 2014; that incursion was identified and contained, but the attackers re-entered via previously planted backdoors in June 2014 and maintained access until April 2015, when Mandiant detected the intrusion.
Timeline
- 2014-06-01 Breach occurred
- 2015-05-20 Publicly disclosed
- 2015-05-20 Customers notified