Cyber Attack on Anthem Affects 80 Million People
The personal information of an estimated 80 million people has been compromised in a cyber attack on the information systems of insurance giant Anthem Inc., the country’s second largest insurer.
According to a statement from Anthem, hackers gained access to “personal information from our current and former members such as their names, birthdays, medical IDs/social security numbers, street addresses, email addresses and employment information, including income data,” Anthem officials said in a statement. “Based on what we know now, there is no evidence that credit card or medical information, such as claims, test results or diagnostic codes were targeted or compromised.”
The company is working with the cyber security firm Mandiant to evaluate the ongoing security of its systems and is cooperating with an FBI investigation, according to the statement. Mandiant also was retained by Community Health System after Chinese hackers stole the information of 4.5 million patients last year.
According to the Los Angeles Times, the information stored on Anthem’s databases may not have been encrypted.
“It is irresponsible for businesses not to encrypt the data,” said Trent Telford, chief executive of Covata, a data security firm, told the LA Times. “We have to assume the thieves are either in the house or are going to break in. They will always build a taller ladder to climb over your perimeter security.”
The paper also noted that Anthem, formerly Wellpoint, is California’s largest for-profit insurer and is the top company, by enrollment, on the Covered California health insurance exchange. Anthem has enrolled over 700,000 people in the Affordable Care Act’s health insurance exchange nationwide.
All of Anthem’s product lines were affected by the breach, including Anthem Blue Cross, Anthem Blue Cross and Blue Shield, and Blue Cross and Blue Shield of Georgia, among other brands, according to news reports.
**Edited 2/10/15: This article previously reported that, according to the Los Angeles Times, the information stored on Anthem’s databases was not encrypted. Sources have since indicated that this statement was inaccurate.