As many as 80 million customers of America’s second-largest health insurance company, Anthem Inc., have had their account information stolen.
Anthem Inc., which is the second-largest health insurer in the United States with nearly 40 million customers, has confirmed that hackers successfully breached one of its IT systems and have stolen personal information relating to approximately 80 million current and former consumers and employees. While details are still being figured out, the incident could potentially rank among the largest of recent attacks, including J.P. Morgan, Home Depot and Target.
What information was breached? While Anthem states that the breach did not appear to involve medical information or financial details such as credit card or bank account numbers, the data accessed during the “very sophisticated attack” includes names, birthdays, social security numbers, street addresses, email addresses and employment information, such as income data.
How many were affected? At the moment, the company did not say how many customers and staff were impacted by the hack. However, the Wall Street Journal has shared it was suspected that records of tens of millions of people had been taken, which would likely make it the largest data breach involving a U.S. health insurer. Something to consider: Anthem had 37.5 million medical members as of the end of 2014.
How did it happen? It appears that the attack was the only breach of Anthem’s systems, and the company’s CIO reveals it is not yet clear how the cyber-criminals were able to obtain the necessary credentials needed to access the database. Those responsible are not yet known and an FBI-led investigation is underway. According to Bloomberg, there’s speculation that a Chinese state-sponsored hacker group might be behind the breach.
When did it occur? Investigators are still determining the extent of the attack, which was discovered last week.
What they’re saying: “Safeguarding your personal, financial and medical information is one of our top priorities, and because of that, we have state-of-the-art information security systems to protect your data. However, despite our efforts, Anthem was the target of a very sophisticated external cyber attack,” CEO Joseph R. Swedish shared in a statement. “Once the attack was discovered, Anthem immediately made every effort to close the security vulnerability, contacted the FBI and began fully cooperating with their investigation. Anthem has also retained Mandiant, one of the world’s leading cybersecurity firms, to evaluate our systems and identify solutions based on the evolving landscape. Anthem’s own associates’ personal information – including my own – was accessed during this security breach. We join you in your concern and frustration, and I assure you that we are working around the clock to do everything we can to further secure your data”
It is becoming increasingly clear that embedded system insecurity affects everyone and every company. As we’ve seen, this insecurity can leave sensitive financial and medical data vulnerable to cyber-attackers. With the number of breaches on the rise and no apparent end in sight, how can you ensure that your network is protected?