Anthem hack exposes up to 80 million records

In what may be the biggest breach in healthcare, as many as 80 million records of current and former Anthem customers, as well as employees who are currently covered or have received coverage in the past, have been hacked, The New York Times reported.

Names, birthdays, social security numbers, street addresses, email addresses and employment information, including income data, have been accessed by what Anthem is calling a “a very sophisticated attack to gain unauthorized access to one of Anthem’s IT systems.”

“No credit card information was compromised, nor is there evidence at this time that medical information such as claims, test results, or diagnostic codes were targeted or obtained,” Leslie Porras, Anthem spokesperson, told Managed Healthcare Executive.

“As soon as we learned about the attack, we immediately made every effort to close the security vulnerability, contacted the FBI and began fully cooperating with their investigation,” Porras says.

Anthem also has retained Mandiant, a cyber security firm in Alexandria, Virginia, to evaluate its systems and identify solutions based on the evolving landscape, according to Porras.

“We will individually notify current and former members whose information has been accessed,” she says. “Credit monitoring and identity protection services will be provided free of charge so that those who have been affected can have peace of mind.”

“Experts have been warning the public that it is not a question of ‘will companies be hacked,’ but rather ‘when will they be hacked,’” according to John Santilli partner, Access Market Intelligence, in Trumbull, Conn. “Healthcare is one of the most vulnerable industries along with financial services because of the nature of personal information both hold.”

NEXT: Website established for members 

Although most recent security breaches involved retail establishments, cyber criminals target healthcare organizations to obtain personal data that can be used to commit fraud, according to Barry P. Chaiken, MD, MPH, chief medical information officer at Infor (formerly Lawson).

“Data stolen includes credit card information, social security numbers, bank account numbers, and insurance information,” Dr. Chaiken says. “These items prove just as valuable to criminals as data stolen from other sources. Healthcare organizations must be diligent to protect patient information as the integrity of the data collected within electronic medical records and other clinical systems is critical to accurately diagnosing and treating patients. If patients are reluctant to share their information with clinicians and healthcare organizations for fear of a breach, the quality of care delivery is put at risk. To ensure the best clinical outcomes for patients, we must protect their personal information.”

Anthem has established a dedicated website where members can access information, including frequent questions and answers. Both current and former members can call (877) 263-7995 if they have questions related to this incident.

The insurer reportedly detected suspicious activity on January 27. On January 29, an internal investigation confirmed that the company database had been hacked, with the unauthorized access dating back to December 10, 2014, according to California Healthline.

“Anthem appears to have taken the best steps it can to react to this issue, but it will remain a ‘wait-and-see’ situation for the companies and its members,” Santilli says.

Last year, a data breach occurred at Franklin, Tennessee-based Community Health Systems when an external group of hackers stole non-medical data of 4.5 million patients nationwide.