Hackers have stolen millions of customer and employees records from Anthem, the country’s second-largest health insurer. Anthem states the hackers were able to gain access to Anthem’s IT database obtaining personal information from around 80 million current and former Anthem members such as their names, birthdays, medical IDs/social security numbers, street addresses, email addresses and employment information, including income data. However, there is no evidence the hackers stole credit card or medical information, such as claims, test results or diagnostic codes.
“Safeguarding your personal, financial and medical information is one of our top priorities, and because of that, we have state-of-the-art information security systems to protect your data. However, despite our efforts, Anthem was the target of a very sophisticated external cyber attack.
Anthem’s own associates’ personal information – including my own – was accessed during this security breach. We join you in your concern and frustration, and I assure you that we are working around the clock to do everything we can to further secure your data.,” said Anthem President and CEO Joseph R. Swedish, in a statement.
Anthem has notified the FBI and has fully cooperated with their investigation, as well as bringing on cybersecurity firm Mandiant to evaluate their systems and identify solutions. The recent attack would make it largest healthcare data breach to date, according to Vitor De Souza, a spokesman for Mandiant. For now it is unclear how the hackers were able to access Anthem’s database.
Anthem has set up a website, www.AnthemFacts.com, and a toll-free number, 1-877-263-7995, to help respond to any questions. The company also noted it would provide free identity repair services and credit monitoring.
“Health records are the new gold for hackers. When your credit card number is stolen you can cancel the card and get a new one, but your health record includes your social security number which cannot be replaced. Hackers have gotten very sophisticated so early discovery of breaches is the best way for organizations to limit the damage,” said Nat Kausik, CEO of Bitglass to HIT Consultant.
According to the 2014 Healthcare Breach Report from Bitglass, the total number of healthcare data breaches per year has remained fairly constant for the past three years—averaging about 200 breaches per year. About 6x as many credit card numbers as medical records are stolen each year. The cost of healthcare data breaches is steep: Up to $50,000 per HIPAA violation, or up to $1,500,000 per calendar year per identical violation.