Further Details on Anthem Cyber Attack

Further Details on Anthem Cyber Attack

In what is likely to be the largest data breach of a health care insurer, hackers gained access to as many as 80 million internal files of Anthem, Inc., the nation’s second largest health insurance carrier in Anthem Cyber Attack.

Anthem revealed on February 4, 2015 that the files stolen numbered in the tens of millions and contained the personal information of current and former customers, as well as employees.  A statement released by Anthem CEO Joseph Swedish said that the company was hit by a “very sophisticated, external cyber attack.”

The information stolen includes names, street addresses, dates of birth, Social Security numbers, email addresses, employment information, and income data.  There is no evidence however, that the stolen personal data included credit card or medical history information.

The hack was discovered on January 29, 2015 by a senior administrator.  Afterward, Anthem said it immediately attempted to close the security vulnerability and reported the attack to the FBI.

The New York Times is reporting that the hackers are thought to have infiltrated Anthem’s networks by using a sophisticated, malicious software program that gave them access to login credentials.  Anthem has not yet offered any information about who is behind the attack. 

An analysis of observable information by the Health Information Trust Alliance (HITRUST), a nonprofit health care security agency that has been collaborating with Anthem since the breach was discovered, suggests that Anthem was the sole target of the hack.  Based on its findings, HITRUST said there is no need to issue an industry-wide alert.

Anthem has since announced that it enlisted the help of cyber security firm Mandiant, who recently handled high-profile cyber attacks for Sony Pictures Entertainment and JP Morgan Chase & Co.  In both situations, Mandiant worked to identify the vulnerabilities in its systems that led to the breach – it is Anthem’s hope that this outcome is possible for them as well.

Anthem also announced they will contact all affected individuals.  Notification will primarily occur through mail.  Email may also be used for certain aspects of notification.  In addition, Anthem has set up a toll-free number for current and former members to call with any questions at 877-263-7995.  There is also a dedicated website with information:  www.anthemfacts.com.

If you have any further questions or concerns regarding the Anthem Cyber Attack, please do not hesitate to contact me at 877-352-2121 or by email at hknight@clark-mortenson.com.