Health insurer Anthem hit by massive cyber attack
In what is likely to be the largest data breach of a health care insurer, hackers gained access to as many as 80 million internal files of Anthem Inc., the nation’s second-biggest health insurance carrier.
Anthem revealed on Feb. 4 that the stolen files numbered in the tens of millions and contained the personal information of current and former customers, as well as employees. A statement released by Anthem CEO Joseph Swedish said that the company was hit by a “very sophisticated, external cyber attack.”
The stolen information includes names, street addresses, birthdates, Social Security numbers, email addresses, employment information, and income data. However, there is no evidence that the stolen personal data includes credit card or medical history information, the company said.
The hack was first discovered on Jan. 29 by a senior administrator. Afterwards, Anthem said it immediately attempted to close the security vulnerability and reported the attack to the FBI.
The New York Times is reporting that the hackers are thought to have infiltrated Anthem’s networks by using a sophisticated, malicious software program that gave them access to login credentials. Anthem has not yet offered any information about who is behind the attack.
An analysis of observable information by the Health Information Trust Alliance (HITRUST), a non-profit health care security agency that has been collaborating with Anthem since the breach was discovered, suggests that Anthem was the sole target of the hack. Based on its findings, HITRUST said there is no need to issue an industrywide alert.
Anthem operates health plans under numerous brands, including Blue Cross Blue Shield. The Indianapolis-based insurance giant currently covers around 40 million people.
Anthem has since announced that it enlisted the help of cybersecurity firm Mandiant—who recently handled high-profile cyber attacks for Sony Pictures Entertainment and JP Morgan Chase & Co.—to work on identifying the vulnerabilities in its system that led to the breach.
Anthem also announced it would contact everyone affected by the hack, either through mail or email. In addition, Anthem has set up a toll-free number for current and former members to call with any questions at 877.263.7995, and there is also a dedicated website with information here.
Please be aware, that as part of the Anthem FAQ document, the following information has been released:
Does this impact Blue Cross and Blue Shield plans not owned by Anthem?
Yes, BlueCard members are impacted. The Blue Cross and Blue Shield Association's BlueCard is a national program that enables members of one Blue Cross and Blue Shield Plan to obtain healthcare services while traveling or living in another Blue Cross and Blue Shield Plan's service area. The program links participating healthcare providers with the independent Blue Cross and Blue Shield Plans across the country and in more than 200 countries and territories worldwide through a single electronic network for claims processing and reimbursement.
I think I received a scam email related to Anthem's cyber attack.
Members who may have been impacted by the cyber attack against Anthem should be aware of scam email campaigns targeting current and former Anthem members. These scams, designed to capture personal information (known as "phishing"), are designed to appear as if they are from Anthem and the emails include a "click here" link for credit monitoring. These emails are NOT from Anthem.
- DO NOT click on any links in email
- DO NOT reply to the email or reach out to the senders in any way
- DO NOT supply any information on the website that may open, if you have clicked on a link in email
- DO NOT open any attachments that arrive with email
The information provided is only a general summary and is being distributed with the understanding that PM Group Benefit Advisors II, LLC is not providing legal, tax, accounting, or other professional advice, position, or opinions on specific facts or matters and, accordingly assumes no liability whatsoever in connection with its use.
Content ©2013 Zywave, Inc. All rights reserved.