Hackers break into Anthem: 10 things to know

Anthem reported late Wednesday that hackers accessed personal information for approximately 80 million former and current customers and employees, and it is likely that "tens of millions" of records were stolen, according to the Wall Street Journal.

Here are 10 things to know about this developing story.

1. The external cyberattack will likely be the largest data breach disclosed by a healthcare company to date, according to the WSJ. Indianapolis-based Anthem is the second largest health insurer in the country.

2. Anthem said the attack was discovered Jan. 29 when a systems administrator noticed a database query was running with his identifier code, even though he had not initiated the query.

3. The company is now working with the Federal Bureau of Investigation. At this time, no one person or entity has been identified as the attacker.

4. The company is still assessing the extent of the breach. It has said names, birthdays, addresses, phone numbers, email addresses, employment information and Social Security numbers were exposed, although the attack does not appear to involve medical information or financial details, such as credit card information. Anthem also said there are no signs that the data is being sold on the black market, according to the WSJ.

5. Thomas Miller, Anthem's CIO, said in the report it is still unclear how hackers accessed the identification information needed to enter the database. Anthem has reset all higher-level employees' passwords and blocked all access that only requires one password, Mr. Miller said.

6. Investigators tracked the information to a Web-storage service and froze the information there, though they are still unsure if hackers had already transferred some of the information to another location before investigators were able to freeze the data, according to the report.

7. Affected plans include Anthem Blue Cross, Anthem Blue Cross and Blue Shield, Blue Cross and Blue Shield of Georgia, Empire Blue Cross and Blue Shield, Amerigroup, Caremore, Unicare, Healthlink and DeCare.

8. In a letter to Anthem members, CEO Joseph Swedish said he wanted "to personally apologize" for the security breach. Mr. Swedish noted his own personal information and that of associates had been accessed. "We join you in your concern and frustration, and I assure you that we are working around the clock to do everything we can to further secure your data," Mr. Swedish wrote.

9. Anthem said it would begin notifying members in the coming weeks. It has set up a website, www.AnthemFacts.com, and a toll-free number (877-263-7995) to respond to questions.

10. Anthem said it doesn't expect the incident to affect its 2015 financial outlook, "primarily as a result of normal contingency planning and preparation," according to the WSJ.

Copyright © 2024 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.

 

Featured Whitepapers

Featured Webinars