
Anthem Hit by Large Data Breach

February 5, 2015
by Gabriel Perna

Anthem, a large Indianapolis-based payer, suffered a massive hack of its IT systems that exposed the personal data of approximately 80 million customers.

The payer announced details of the breach late Wednesday in a letter from President and CEO Joseph R. Swedish. He said that Anthem was the target of a “very sophisticated external cyber attack.” The hackers gained access to current and former members’ names, birthdays, medical IDs/social security numbers, street addresses, email addresses, employment information, and income data. Anthem says that credit card and medical information, such as claims, test codes, and diagnostic codes, were not compromised.

According to the letter, Anthem is working with the Federal Bureau of Investigation (FBI) on the investigation. It has also hired Mandiant, a cybersecurity firm, to evaluate its systems. As is the case with most of these breaches, Anthem is offering free credit monitoring for those affected.

Anthem, formerly known as Wellpoint, is the second large healthcare organization in the past 12 months to be affected by a hack and gain mainstream media attention. Community Health, a large chain of hospitals, was hacked in April of 2014, and 4.5 million of its patients had their data stolen. After the breach, the FBI sent a warning to healthcare organizations over the threat of increased data breach attacks.

Anthem is facing criticism from industry observers for its lack of encryption. Trent Telford, CEO of Reston, Va.-based Covata and a member of Anthem, said the company was irresponsible for not protecting the data.

"We do not know what they were after and we do not know what they plan to do with the data - what we do know is that they were after the data itself and it was left exposed and unsecured. The data was not encrypted making it a valuable target for thieves," he said in a statement. "It is irresponsible for businesses not to encrypt the data. We have to assume the thieves are either in the house or are going to break in - they will always build a taller ladder to climb over your perimeter security - we must protect the data itself."

Mac McMillan, co-founder and CEO of consulting firm CynergisTek, Inc. and current chair of the HIMSS Privacy & Security Policy Task Force, is in more of a wait-and-see mode. He does see the hack as a wake-up call for others, though.

"This attack raises several questions not only about what Anthem did or did not do to adequately protect the information they were entrusted with, but more importantly what does this say about Healthcare’s ability and commitment to protecting information in general," McMillan said in an email to HCI. "I agree also that we’ll need to wait to see the facts regarding the breach to understand just how sophisticated it was. The breach may have been relatively unsophisticated, while the exploitation and exfiltration phases of the attack could have been more sophisticated. The real question is how does information on 80 million people, which can’t be trivial, leave the enterprise without setting off any alarms?"


