Anthem Hit by Large Data Breach | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Anthem Hit by Large Data Breach

February 5, 2015
by Gabriel Perna
| Reprints

Anthem, a large Indianapolis-based payer, suffered a massive hack of its IT systems that exposed the personal data of approximately 80 million customers.

The payer announced details of the breach late Wednesday in a letter from President and CEO, Joseph R. Swedish. He said that Anthem was the target of a “very sophisticated external cyber attack.” The hackers gained access to current and former members’ names, birthdays, medical IDs/social security numbers, street addresses, email addresses and employment information, and income data. Anthem says that credit card and medical information, such as claims, test codes, and diagnostic codes were not compromised.

According to the letter, Anthem is working with the Federal Bureau of Investigation (FBI) on the investigation. They’ve also hired Mandiant, a cybersecurity firm, to evaluate its systems. As is the case with most of these breaches, Anthem is offering free credit monitoring for those affected.

Anthem, formerly known as Wellpoint, is the second large healthcare organization to be affected by a hack in the past 12 months and gain mainstream media attention. Community Health, a large chain of hospitals, was hacked in April of 2014 and 4.5 million of its patients had their data stolen. After the breach, the FBI sent a warning to healthcare organizations over the threat of increased data breach attacks.

Anthem is facing criticism from industry observers for its lack of encrpytion. Trent Telford, CEO of Reston, Va.-based Covata and a member of Anthem, said the company was irresponsible for not protecting the data.

"We do not know what they were after and we do not know what they plan to do with the data - what we do know is that they were after the data itself and it was left exposed and unsecured. The data was not encrypted making it a valuable target for thieves," he said in a statement. "It is irresponsible for businesses not to encrypt the data. We have to assume the thieves are either in the house or are going to break in - they will always build a taller ladder to climb over your perimeter security - we must protect the data itself."

Mac McMillan, co-founder and CEO of consulting firm, CynergisTek, Inc. and current chair of the HIMSS Privacy & Security Policy Task Force, is in more of a wait-and-see mode. He does see the hack as a wakeup call, though, for others.

"This attack raises several questions not only about what Anthem did or did not do to adequately protect the information they were entrusted with, but more importantly what does this say about Healthcare’s ability and commitment to protecting information in general," McMillan said in an email to HCI. "I agree also that we’ll need to wait to see the facts regarding the breach to understand just how sophisticated it was.  The breach may have been relatively unsophisticated, while the exploitation and exfiltration phases of the attack could have been more sophisticated.  The real question is how does information on 80 million people, which can’t be trivial, leave the enterprise without setting off any alarms?"

Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More

Topics

News

NIH Releases First Dataset from Adolescent Brain Development Study

The National Institutes of Health (NIH) announced the release of the first dataset from the Adolescent Brain Cognitive Development (ABCD) study, which will enable scientists to conduct research on the many factors that influence brain, cognitive, social, and emotional development.

Boston Children's Accelerates Data-Driven Approach to Clinical Research

In an effort to bring a more data-driven approach to clinical research, Boston Children’s Hospital has joined the TriNetX global health research network.

Paper Records, Films Most Common Type of Healthcare Data Breach, Study Finds

Despite the high level of hospital adoption of electronic health records and federal incentives to do so, paper and films were the most frequent location of breached data in hospitals, according to a recent study.

AHA Appoints Senior Advisor for Cybersecurity and Risk

The American Hospital Association (AHA) has announced that John Riggi has joined the association as senior advisor for cybersecurity and risk.

Report: Healthcare Accounted for 45% of All Ransomware Attacks in 2017

Healthcare fell victim to more ransomware attacks than any other industry in 2017, according to a new report from global cybersecurity insurance company Beazley.

Study: Use of EHRs Does Not Reduce Administrative Costs

A recent study by Duke University and Harvard Business School researchers found that costs for processing a single bill ranged from $20 for a primary care visit to $215 for an inpatient surgical procedure, or up to 25 percent of revenue.