Anthem Admits Data Breach After ‘Sophisticated’ Attack

Tom Jowitt,
ntt

US healthcare insurer admits 80 million customer and staff records compromised in a damaging cyber attack

The damage of hacking attacks has been starkly exposed once again, after an American healthcare insurer admitted that 80 million customer and staff accounts have been compromised.

The company admitted that the hackers had accessed customer data including names, birthdays, medical IDs/social security numbers, street addresses, email addresses and employment information, including income data.

Hack Admission

Anthem was the target of a very sophisticated external cyber attack,” wrote Joseph R. Swedish, President and CEO of Anthem. “Based on what we know now, there is no evidence that credit card or medical information were targeted or compromised.”

NHS NPfIT health medicine doctor“Safeguarding your personal, financial and medical information is one of our top priorities, and because of that, we have state-of-the-art information security systems to protect your data,” wrote Swedish. “However, despite our efforts, Anthem was the target of a very sophisticated external cyber attack.”

Anthem is the second largest healthcare insurer in the United States. It said that once the attack had been discovered, it immediately made every effort to close the security vulnerability. It also contacted the FBI and began fully co-operating with their investigation. And finally, Anthem also retained cybersecurity firm Mandiant to evaluate its systems and identify solutions.

There is no word as of yet who is responsible for the hack, or indeed how the hackers managed to penetrate the company’s “state-of-the-art information security systems”. The FBI meanwhile praised Anthem for notifying them right away of the hack.

Anthem’s boss also admitted that his own personal details had been accessed during the security breach. “We join you in your concern and frustration, and I assure you that we are working around the clock to do everything we can to further secure your data,” he wrote.

The company said it would individually notify current and former members whose information had been accessed. It is also providing credit monitoring and identity protection services free of charge. It also created a dedicated website – www.AnthemFacts.com – where members can access information such as frequent questions and answers.

“I want to personally apologize to each of you for what has happened, as I know you expect us to protect your information,” wrote Swedish. “We will continue to do everything in our power to make our systems and security processes better and more secure, and hope that we can earn back your trust and confidence in Anthem.”

Corporates Beware

This is not the first time that a healthcare provider has been hacked. Last August, Community Health Systems (CHS), a major US operator of general hospital healthcare, lost patient records of 4.5 million people in a hacker attack.

Prior to that, another high profile data breach took place at US retailer Target and then US supermarket chain SuperValu.

But the hack of Sony Pictures Entertainment in late November by hackers calling themselves ‘Guardians of Peace’, was regarded as one of the most serious hacks to date.
That hack resulted in the leak of unreleased films, as well as the publication of embarrassing internal documents, including the salary details of top executives and personal information on Hollywood celebrities.

The United States has officially blamed the Sony hack on North Korea. Indeed, the director of the FBI recently said that it was relatively easy to identify the hackers because they had been “sloppy” in covering their tracks.

What do you do when tech fails? Take our quiz!