In what is likely to be the largest data breach of a health care insurer, hackers gained access to as many as 80 million internal files of Anthem Inc., the nation’s second-biggest health insurance carrier.
Anthem revealed on Feb. 4 that the stolen files numbered in the tens of millions and contained the personal information of current and former customers, as well as employees. A statement released by Anthem CEO Joseph Swedish said that the company was hit by a “very sophisticated, external cyber attack.”
The stolen information includes names, street addresses, birthdates, Social Security numbers, email addresses, employment information and income data. However, there is no evidence that the stolen personal data includes credit card or medical history information, the company said.
The hack was first discovered on Jan. 29 by a senior administrator. Afterward, Anthem said it immediately attempted to close the security vulnerability and reported the attack to the FBI.
The New York Times is reporting that the hackers are thought to have infiltrated Anthem’s networks by using a sophisticated, malicious software program that gave them access to login credentials. Anthem has not yet offered any information about who is behind the attack.
An analysis of observable information by the Health Information Trust Alliance (HITRUST), a nonprofit health care security agency that has been collaborating with Anthem since the breach was discovered, suggests that Anthem was the sole target of the hack. Based on its findings, HITRUST said there is no need to issue an industry-wide alert.
Anthem operates health plans under numerous brands, including Blue Cross Blue Shield. The Indianapolis-based insurance giant currently covers around 40 million people.
Anthem has since announced that it enlisted the help of cyber security firm Mandiant—who recently handled high-profile cyber attacks for Sony Pictures Entertainment and JP Morgan Chase & Co.—to work on identifying the vulnerabilities in its system that led to the breach.
Anthem also announced it would contact all affected individuals. Notification will primarily occur through mail. Email may also be used for certain aspects of notification. In addition, Anthem has set up a toll-free number for current and former members to call with any questions at 877-263-7995, and there is also a dedicated website with information here: www.AnthemFacts.com.