Anthem Hit by Large Data Breach

Feb. 5, 2015
Anthem, a large Indianapolis-based payer, suffered a massive hack of its IT systems that exposed the personal data of approximately 80 million customers.

Anthem, a large Indianapolis-based payer, suffered a massive hack of its IT systems that exposed the personal data of approximately 80 million customers.

The payer announced details of the breach late Wednesday in a letter from President and CEO, Joseph R. Swedish. He said that Anthem was the target of a “very sophisticated external cyber attack.” The hackers gained access to current and former members’ names, birthdays, medical IDs/social security numbers, street addresses, email addresses and employment information, and income data. Anthem says that credit card and medical information, such as claims, test codes, and diagnostic codes were not compromised.

According to the letter, Anthem is working with the Federal Bureau of Investigation (FBI) on the investigation. They’ve also hired Mandiant, a cybersecurity firm, to evaluate its systems. As is the case with most of these breaches, Anthem is offering free credit monitoring for those affected.

Anthem, formerly known as Wellpoint, is the second large healthcare organization to be affected by a hack in the past 12 months and gain mainstream media attention. Community Health, a large chain of hospitals, was hacked in April of 2014 and 4.5 million of its patients had their data stolen. After the breach, the FBI sent a warning to healthcare organizations over the threat of increased data breach attacks.

Anthem is facing criticism from industry observers for its lack of encrpytion. Trent Telford, CEO of Reston, Va.-based Covata and a member of Anthem, said the company was irresponsible for not protecting the data.

"We do not know what they were after and we do not know what they plan to do with the data - what we do know is that they were after the data itself and it was left exposed and unsecured. The data was not encrypted making it a valuable target for thieves," he said in a statement. "It is irresponsible for businesses not to encrypt the data. We have to assume the thieves are either in the house or are going to break in - they will always build a taller ladder to climb over your perimeter security - we must protect the data itself."

Mac McMillan, co-founder and CEO of consulting firm, CynergisTek, Inc. and current chair of the HIMSS Privacy & Security Policy Task Force, is in more of a wait-and-see mode. He does see the hack as a wakeup call, though, for others.

"This attack raises several questions not only about what Anthem did or did not do to adequately protect the information they were entrusted with, but more importantly what does this say about Healthcare’s ability and commitment to protecting information in general," McMillan said in an email to HCI. "I agree also that we’ll need to wait to see the facts regarding the breach to understand just how sophisticated it was.  The breach may have been relatively unsophisticated, while the exploitation and exfiltration phases of the attack could have been more sophisticated.  The real question is how does information on 80 million people, which can’t be trivial, leave the enterprise without setting off any alarms?"

Sponsored Recommendations

Care Access Made Easy: A Guide to Digital Self-Service for MEDITECH Hospitals

Today’s consumers expect access to digital self-service capabilities at multiple points during their journey to accessing care. While oftentimes organizations view digital transformatio...

Going Beyond the Smart Room: Empowering Nursing & Clinical Staff with Ambient Technology, Observation, and Documentation

Discover how ambient AI technology is revolutionizing nursing workflows and empowering clinical staff at scale. Learn about how Orlando Health implemented innovative strategies...

Enabling efficiencies in patient care and healthcare operations

Labor shortages. Burnout. Gaps in access to care. The healthcare industry has rising patient, caregiver and stakeholder expectations around customer experiences, increasing the...

Findings on the Healthcare Industry’s Lag to Adopt Technologies to Improve Data Management and Patient Care

Join us for this April 30th webinar to learn about 2024's State of the Market Report: New Challenges in Health Data Management.