Who is affected by this change?

This affects CareFirst BlueCross BlueShield on All Plans plans.

When does this change take effect?

This change is effective Apr 8, 2022.

Back to dashboard

All PlansAdministrativeMedium impact

Help Us Protect Member Information

CareFirst BlueCross BlueShield·Provider News

Effective date

Apr 8, 2022

We identified it

Jun 20, 2026

Days to comply

—

Summary

CareFirst has issued enhanced cybersecurity guidelines for healthcare providers due to heightened cyberattack risks from geopolitical tensions. The policy requires stricter protection of patient health information (PHI) and secure communication protocols when working with CareFirst.

Action Required

Action needed

Immediately: Billing team must ensure all CareFirst Provider Portal users have individual login credentials (no sharing). Update password policies to require complex passwords and enable multifactor authentication where possible. When emailing PHI to CareFirst, use only secure transmission methods. Subscribe to CareFirst email notifications from newsletter.editor@carefirst.com or customerinsights@carefirst.com. Contact CareFirst Help Desk for suspicious emails and Provider Service to validate unknown requests for member information.

Related policy hubs

CareFirst BlueCross BlueShield policies