Anthem Hit by Large Data Breach | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Anthem Hit by Large Data Breach

February 5, 2015
by Gabriel Perna
| Reprints

Anthem, a large Indianapolis-based payer, suffered a massive hack of its IT systems that exposed the personal data of approximately 80 million customers.

The payer announced details of the breach late Wednesday in a letter from President and CEO, Joseph R. Swedish. He said that Anthem was the target of a “very sophisticated external cyber attack.” The hackers gained access to current and former members’ names, birthdays, medical IDs/social security numbers, street addresses, email addresses and employment information, and income data. Anthem says that credit card and medical information, such as claims, test codes, and diagnostic codes were not compromised.

According to the letter, Anthem is working with the Federal Bureau of Investigation (FBI) on the investigation. They’ve also hired Mandiant, a cybersecurity firm, to evaluate its systems. As is the case with most of these breaches, Anthem is offering free credit monitoring for those affected.

Anthem, formerly known as Wellpoint, is the second large healthcare organization to be affected by a hack in the past 12 months and gain mainstream media attention. Community Health, a large chain of hospitals, was hacked in April of 2014 and 4.5 million of its patients had their data stolen. After the breach, the FBI sent a warning to healthcare organizations over the threat of increased data breach attacks.

Anthem is facing criticism from industry observers for its lack of encrpytion. Trent Telford, CEO of Reston, Va.-based Covata and a member of Anthem, said the company was irresponsible for not protecting the data.

"We do not know what they were after and we do not know what they plan to do with the data - what we do know is that they were after the data itself and it was left exposed and unsecured. The data was not encrypted making it a valuable target for thieves," he said in a statement. "It is irresponsible for businesses not to encrypt the data. We have to assume the thieves are either in the house or are going to break in - they will always build a taller ladder to climb over your perimeter security - we must protect the data itself."

Mac McMillan, co-founder and CEO of consulting firm, CynergisTek, Inc. and current chair of the HIMSS Privacy & Security Policy Task Force, is in more of a wait-and-see mode. He does see the hack as a wakeup call, though, for others.

"This attack raises several questions not only about what Anthem did or did not do to adequately protect the information they were entrusted with, but more importantly what does this say about Healthcare’s ability and commitment to protecting information in general," McMillan said in an email to HCI. "I agree also that we’ll need to wait to see the facts regarding the breach to understand just how sophisticated it was.  The breach may have been relatively unsophisticated, while the exploitation and exfiltration phases of the attack could have been more sophisticated.  The real question is how does information on 80 million people, which can’t be trivial, leave the enterprise without setting off any alarms?"

Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More

Topics

News

Advocate Aurora Health, Foxconn Plan Employee Wellness, “Smart City,” and Precision Medicine Collaboration

Wisconsin-based Advocate Aurora Health is partnering with Foxconn Health Technology Business Group, a Taiwanese company, to develop new technology-driven healthcare services and tools.

Healthcare Data Breach Costs Remain Highest at $408 Per Record

The cost of a data breach for healthcare organizations continues to rise, from $380 per record last year to $408 per record this year, as the healthcare industry also continues to incur the highest cost for data breaches compared to any other industry, according to a new study from IBM Security and the Ponemon Institute.

Morris Leaves ONC to Lead VA Office of Electronic Health Record Modernization

Genevieve Morris, who has been detailed to the U.S. Department of Veterans Affairs (VA) from her position as the principal deputy national coordinator for the Department of Health and Human Services, will move over full time to lead the newly establishment VA Office of Electronic Health Record Modernization.

Cedars-Sinai Accelerator Program Presents Fourth Class of Startups

The Cedars-Sinai Accelerator, a program that helps entrepreneurs bring their innovative technology products to market, has brought in nine more health tech startups as part of its fourth class.

DirectTrust Adds Five Board Members

DirectTrust, a nonprofit organization that support health information exchange, announced the appointment of five new executives to its board of directors.

Analysis: Many States Continue to Have Restrictive Telemedicine Policies

State Medicaid programs are evolving to accelerate the adoption of telemedicine models, this evolution is occurring more quickly in some states than others, according to a recent analysis by Manatt Health.