Hackers strike US health insurance giant Anthem; steal millions of personal data

05 Feb 2015

In one of the largest security breaches in corporate history, hackers have stolen tens of millions of items of personal information from Anthem Inc, the second-largest US health insurance company.

In a release to its customers, Anthem's president and CEO Joseph R. Swedish said, ''Anthem was the target of a very sophisticated external cyber attack.''

The stolen information pertains to about 80 million customers, employees and includes names, birthdays, medical IDs, social security numbers, addresses, email-ids and employment information including income data.

''Based on what we know now, there is no evidence that credit card or medical information, such as claims, test results or diagnostic codes were targeted or compromised,'' Swedish further stated.

On discovering the breach of security Anthem said it immediately contacted the Federal Bureau of Investigation (FBI) and also made every effort to close the security vulnerability.

In a statement, FBI said yesterday that it was aware of the Anthem intrusion and was investigating the matter. It also praised the insurer for its prompt action.

"Speed matters when notifying law enforcement of an intrusion, as cyber criminals can quickly destroy critical evidence needed to identify those responsible. Rapid notification allows the FBI to quickly deploy our cyber experts to preserve evidence and work with a company's incident responders to help them remediate their networks and rid their systems of harmful malware, the FBI said.

The company has also retained Mendicant, one of the world's leading cyber security firms to evaluate its IT systems and identify solutions.

''Anthem's own associates' personal information – including my own – was accessed during this security breach. We join you in your concern and frustration, and I assure you that we are working around the clock to do everything we can to further secure your data,'' Swedish said.

Anthem pledged to individually notify current and former members if their data has been stolen, and said it would offer free credit monitoring and identity protection services to affected customers.

The insurer has created a dedicated website www.anthemfacts.com  and toll free number to respond to members' queries and provide up-to-date information on the subject.

''We will continue to do everything in our power to make our systems and security processes better and more secure, and hope that we can earn back your trust and confidence in Anthem,'' the chief said.

Anthem, formerly known as WellPoint, is California's biggest health insurer and has over 37 million members in California and 13 other US states.

The data loss comes at a time when the insurer is hoping to enroll thousands of new members under the the US government's Obamacare plan for which the set deadline is 15 February.

The cyber attack on Anthem is the latest in a series of other data breaches at retailers Home Depot Inc and Target Corp, Sony Pictures Entertainment Inc and also others such as JP Morgan Chase, eBay etc.