BALTIMORE (WJZ) — Maryland’s largest health insurer is in damage control as a cyber attack may have exposed the personal information of nearly 7,000 members.

Just four years ago, more than one million CareFirst BlueCross BlueShield members had their information stolen. Now, the company is dealing with another attack, and they aren’t alone.

READ MORE: UMD Doctoral Candidate, Anat Kimchi, Stabbed To Death In Downtown Chicago

The insurer revealed Friday that a phishing email opened by an employee could have revealed names, birthdays and member identification numbers of up to 6,800 patients.

RELATED: Phishing Could Affect 6,800 Members Of Maryland Insurer

Eight patients had their Social Security numbers exposed.

This comes just one day after Under Armour revealed 150 million usernames and hashed passwords were stolen from its MyFitnessPal app.

RELATED: Under Armour Announces Data Breach

“Under Armour, you know, they’re a big corporation and a big target, same thing with CareFirst. They’re a big corporation and thus a big target. So I wouldn’t say you need to be more concerned in Maryland than anywhere else,” said Steve Taormino, president and CEO of ‎CC&A Strategic Media.

The two Baltimore-headquartered companies join a growing list of organizations targeted by hackers.

Cybersecurity expert Taormino says using long, unique passwords is the best way to protect yourself.

READ MORE: Milestones In Maryland's Covid-19 Fight: No Deaths Reported In 2 Days, Less Than 50 New Cases

“Things that need to be done are making very complicated passwords for themselves and making sure that they don’t use the same password for every account that they have,” he explains.

Baltimore’s automated 911 system was crippled by a cyber attack last weekend — forcing operators into manual mode for 17 hours.

RELATED: Baltimore Emergency Dispatch System Hacked, Forces Switch To Manual Mode

Also, many cities nationwide have seen their systems infected with ransomware.

This wave of attacks is causing more trouble for cities and companies whose firewalls just aren’t strong enough.

CareFirst has not replied to WJZ’s request for comment nor has it issued a statement regarding the breach. However, they are playing defense on Twitter, asking patients to contact them.

CareFirst says no medical or financial records were compromised in the attack.

Follow @CBSBaltimore on Twitter and like WJZ-TV | CBS Baltimore on Facebook

MORE NEWS: Violence In Baltimore City Continues To Outpace 2020 Numbers, Governor Hogan Reacts