Hackers accessed the personal information of nearly 80 million Anthem, Inc. customers, including social security numbers. Anthem, the second largest health insurer in the U.S., announced that accounts associated with Anthem Blue Cross, Anthem Blue Cross and Blue Shield, Blue Cross and Blue Shield of Georgia, Empire Blue Cross and Blue Shield, Amerigroup, Caremore, Unicare, Healthink and DeCare were compromised. Anthem had previously discovered suspicious network activity and began collaborating with the HITRUST Cyber Threat Intelligence and Incident Coordination Center (HITRUST C3) to investigate. HITRUST C3 believes that this was a targeted attack on Anthem and not on the industry as a whole.
Anthem revealed that the personal information obtained relates to identification, including birthdate, social security numbers, street and email addresses and employment data. Anthem believes that credit card and medical information including test results and diagnostics were safe from the breach. Anthem has been working with the FBI to investigate the breach and cybersecurity firm Mandiant to review and strengthen their systems.
After Anthem completes an investigation determining the scope of the attack and the affected customers, it will notify those members and provide free credit monitoring and identity protection. Companies are required to inform consumers after such informational breaches and have 60 days following the discovery of an attack. Typically, a company doesn’t discover its own breach, but in this case Anthem discovered the breach only last week and sought to inform customers more quickly than required.
Large scale attacks have occurred in other industries recently, including contact information for 76 million J.P. Morgan households, 56 million Home Depot customer credit card accounts, and 40 million payment accounts in the infamous Target breach. Health care companies are starting to become a more desirable target due to the information they store about illnesses, care and prescriptions.