Around 80 million individuals have had their names, birthdays, medical IDs, addresses, social security numbers, and employment information stolen in what may be the largest healthcare hack to date. The hackers stole enough data to perform identity theft and possibly open a credit card in victims’ names.
Anthem’s CEO Joseph Swedish, said "These attackers gained unauthorized access to Anthem’s IT system and have obtained personal information from our current and former members.” He also added that "no credit card or medical information, such as claims, test results or diagnostic codes were targeted or compromised,” according to Net-Security.org.
Very little is known about the attackers and their motives. Madiant, the security firm hired by Anthem to secure their accounts, said the hackers are an “advanced group.”
Jaime Blasco, VP and chief scientist of AlienVault said, "It is yet unclear who is behind the attack, but if the group behind that compromised Anthem and plans to sell that information on the black market, it means cybercriminals can buy access to the stolen data and use that information to drain your bank account, open new credit accounts and telephone accounts or even utility accounts. They can even obtain medical care using your information.” (Net-Security.org).
Anthem responded to this attack promptly by involving the FBI and notifying customers, according to USA Today.
The FBI warned healthcare companies last August of the potential for breaches after the attack on Community Health Systems, Inc. Medical information is much more valuable than credit card information because once a victim notices fraud, the credit card is cancelled. Medical identity theft can go years unnoticed, according to CNBC.
Current and former members who have questions about the data breach can visit www.anthemfacts.com or call 877-263-7995.
UPDATE: Anthem is refusing to allow a federal watchdog to perform an audit of their IT systems, according to We Live Security. Anthem also disagreed to an IT vulnerability scan in 2013 by the same company. The Office of Personnel Management’s Office of Inspector General (OIG) found vulnerabilities in 2013 that would "provide a gateway for malicious virus and hacking activity." However, OIG was not allowed to perform a full audit, therefore they were unable to fix the vulnerabilities at the time.
OIG stated, "we attempted to schedule a new IT audit of Anthem for this summer. Anthem recently informed us that, once again, it will not permit our auditors to perform our standard vulnerability scans and configuration compliance tests."
Not only are 80 million Anthem customers affected, another 8.8 million customers of independent health insurance firms are at risk for their personal information being stolen.