The attack, which occurred in June of 2014, affected nearly 1 million members. The breach resulted in the exposure of patients' sensitive information including names, birth dates, and social security numbers. CareFirst didn’t learn about the attack directly, but instead found out from a cybersecurity firm brought in to test CareFirst’s network security after the attacks on Premera and Anthem attacks.