American health insurer has announced that social security numbers and other personal information were stolen in a cyber attack.
With the potential to expose around 80 million Anthem customer details, accounts associated with Anthem Blue Cross, Anthem Blue Cross and Blue Shield, Blue Cross and Blue Shield of Georgia, Empire Blue Cross and Blue Shield, Amerigroup, Caremore, Unicare, Healthlink, and DeCare were all part of the data breach, reported Forbes.
In a statement, Joseph R. Swedish, President and CEO of Anthem, said that despite having “state-of-the-art information security systems to protect your data”, the company was the target of a very sophisticated external cyber attack. These attackers gained unauthorized access to Anthem’s IT system and have obtained personal information from our current and former members such as their names, birthdays, medical IDs/social security numbers, street addresses, email addresses and employment information, including income data.
It said that there is no evidence that credit card or medical information, such as claims, test results or diagnostic codes were targeted or compromised.
He said: “Once the attack was discovered, Anthem immediately made every effort to close the security vulnerability, contacted the FBI and began fully cooperating with their investigation. Anthem has also retained Mandiant, one of the world’s leading cyber security firms, to evaluate our systems and identify solutions based on the evolving landscape.
“Anthem’s own associates’ personal information – including my own – was accessed during this security breach. We join you in your concern and frustration, and I assure you that we are working around the clock to do everything we can to further secure your data.”
He concluded by personally apologising for what has happened, and said it will continue to do everything “in our power to make our systems and security processes better and more secure, and hope that we can earn back your trust and confidence in Anthem”.
Charles Sweeney, CEO of Bloxx, said: “No company wants to fall victim to what has the potential to be the biggest health hack in history. Whilst Anthem’s customers will be relieved to know that no financial or health data is thought to have been stolen, the fact that so much personal data has been taken will be a serious concern for customers who will no doubt be worried about identity theft. I am sure Anthem would advise its customers to be alert and on the look out for any suspicious activity in the coming weeks.”
Check Point UK managing director, Keith Bird, said: “For the attackers, it’s just a numbers game, but it could have serious consequences for customers. Phishing emails continue to be the most common source for social engineering attacks, so customers should be suspicious of any email or even phone call that relates to the breach.”
Mark Bower, VP of product management for Voltage Security, said: “Leading healthcare entities are already embracing data-centric security to prevent this type of breach yielding valuable data when attacked. The reason is simple: healthcare data is lucrative to monetise and healthcare providers can expect attacks to rise sharply as other industries like retail merchants progressively eliminate exploitable security gaps with data-centric encryption and tokenization.”