Up to 80 million customers had their account information stolen in the largest healthcare data breach in history. Anthem Inc., the second-largest health insurance company in the country, said hackers got access to their computer system and got information including names, medical IDs, birthdates, Social Security Numbers, street addresses, email addresses, employment information and income data.
The cyberattack highlights the vulnerability of healthcare companies, which experts say are behind other industries in protecting customers' sensitive personal information.
"This is one of the worst breaches I have ever seen,” Paul Stephens, director of policy and advocacy for the Privacy Rights Clearinghouse said in a New York Times article. “These people knew what they were doing and recognized there was a treasure trove here, and I think they are going to use it to engage in very sophisticated kinds of identity theft.”
"Anthem was the target of a very sophisticated external cyber attack," Anthem president and CEO Joseph Swedish said in a statement. “Based on what we know now, there is no evidence that credit card or medical information, such as claims, test results or diagnostic codes were targeted or compromised.”
The database that was breached held about 80 million customer records, but Anthem is still investigating how many people were impacted.
“At this point we believe it was tens of millions," said Anthem spokesperson Cindy Wakefield.
Even if only a fraction of the 80 million customers were affected, this would still be the largest healthcare data breach to date. Information for both current and former customers was breached.
The breach wouldn’t come under HIPAA rules because it appears that no actual medical information was stolen. Experts say hackers probably weren’t interested in medical information.
"The personally identifiable information they got is a lot more valuable than the fact that I stubbed my toe yesterday and broke it," Tim Eades, CEO of computer security firm vArmour said in a recent USA Today article.
Anthem is working with the FBI and cybersecurity firm Mandiant to investigate the breach. To learn more about the breach, visit www.anthemfacts.com. If you’re a current or former member, call 877-263-7995 to find out what the breach means to you.