Anthem Inc., the second-largest U.S. health insurance company, just announced that as many as 80 million customers have had their account information stolen in a sophisticated cyberattack.
In a statement posted on the company’s website, CEO Joseph Swedish wrote that attackers obtained personal information on current and former customers, including names, birthdates, medical ID numbers, social security numbers, mailing addresses, email addresses, employment information and income data.
Swedish claimed there is no evidence that credit card or medical information (e.g. test results or diagnostic data) was targeted or compromised, but the sheer amount of personal info that was stolen is breathtaking. Even without credit card numbers, attackers would be able to use the gathered data for identity theft on a massive scale.
Breadth of the Breach
Once all the details are fully known, it’s likely this will be the largest healthcare breach ever reported, according to Vitor De Souza, a spokesperson for Mandiant, the computer security company Anthem hired to evaluate the situation. Even if only a fraction of the 80 million are affected, the breach could hit tens of millions of people.
Impacted brands under the Anthem umbrella include Anthem Blue Cross and Blue Shield, Blue Cross and Blue Shield of Georgia, Empire Blue Cross and Blue Shield, Amerigroup, Caremore, Unicare, Healthlink, and DeCare.
Anthem will be individually notifying consumers whose information has been accessed. In the meantime, the company has set up a FAQ page about the breach. With little forensic IT investigation released so far, though, the page seems to offer more “wait and see” advice than answers on what will happen next.
In an NBC News story, writers Ben Popken and Kelli Grant wrote, “Repercussions from some data breaches are easily remedied, but victims of insurance company Anthem’s breach will have to remain vigilant against fraud for the rest of their lives.” That’s because the type of information that’s been stolen is so perfect for identity theft that the attackers could keep the data for years before using it or sell that data to others.
Just the Beginning?
Given the statistics on healthcare as a hacker target, it’s not surprising that the newest, massive data breach would involve a healthcare insurance company. The percentage of cyberattacks focusing on medical systems has doubled in the last five years and now constitutes about 40 percent of all attempts.
We’ve been sharing our apprehension for months about medical Identity thefts, along with some tips for protecting yourself. This recent data breach seems like a great time to sound that alarm even louder. It’s unlikely Anthem will be an exception when it comes to cyberattacks — we believe the increasing use of technology within healthcare systems, coupled with the amount of data available in patient records, will spur even more attacks, potentially impacting millions of people for decades to come.
With these types of breaches happening now and into the future, it’s more important than ever for consumers to protect themselves. Even if you’re not a victim of the Anthem data breach, your personal information still resides in a medical record somewhere, one that could potentially be compromised.
IdentityForce’s comprehensive identity theft protection includes medical identity theft coverage, and for a limited time you can subscribe to our UltraSecure package free for 30 days.
Image courtesy of Flickr user jasleen_kaur.