Anthem Hit by Large Data Breach | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Anthem Hit by Large Data Breach

February 5, 2015
by Gabriel Perna
| Reprints

Anthem, a large Indianapolis-based payer, suffered a massive hack of its IT systems that exposed the personal data of approximately 80 million customers.

The payer announced details of the breach late Wednesday in a letter from President and CEO, Joseph R. Swedish. He said that Anthem was the target of a “very sophisticated external cyber attack.” The hackers gained access to current and former members’ names, birthdays, medical IDs/social security numbers, street addresses, email addresses and employment information, and income data. Anthem says that credit card and medical information, such as claims, test codes, and diagnostic codes were not compromised.

According to the letter, Anthem is working with the Federal Bureau of Investigation (FBI) on the investigation. They’ve also hired Mandiant, a cybersecurity firm, to evaluate its systems. As is the case with most of these breaches, Anthem is offering free credit monitoring for those affected.

Anthem, formerly known as Wellpoint, is the second large healthcare organization to be affected by a hack in the past 12 months and gain mainstream media attention. Community Health, a large chain of hospitals, was hacked in April of 2014 and 4.5 million of its patients had their data stolen. After the breach, the FBI sent a warning to healthcare organizations over the threat of increased data breach attacks.

Anthem is facing criticism from industry observers for its lack of encrpytion. Trent Telford, CEO of Reston, Va.-based Covata and a member of Anthem, said the company was irresponsible for not protecting the data.

"We do not know what they were after and we do not know what they plan to do with the data - what we do know is that they were after the data itself and it was left exposed and unsecured. The data was not encrypted making it a valuable target for thieves," he said in a statement. "It is irresponsible for businesses not to encrypt the data. We have to assume the thieves are either in the house or are going to break in - they will always build a taller ladder to climb over your perimeter security - we must protect the data itself."

Mac McMillan, co-founder and CEO of consulting firm, CynergisTek, Inc. and current chair of the HIMSS Privacy & Security Policy Task Force, is in more of a wait-and-see mode. He does see the hack as a wakeup call, though, for others.

"This attack raises several questions not only about what Anthem did or did not do to adequately protect the information they were entrusted with, but more importantly what does this say about Healthcare’s ability and commitment to protecting information in general," McMillan said in an email to HCI. "I agree also that we’ll need to wait to see the facts regarding the breach to understand just how sophisticated it was.  The breach may have been relatively unsophisticated, while the exploitation and exfiltration phases of the attack could have been more sophisticated.  The real question is how does information on 80 million people, which can’t be trivial, leave the enterprise without setting off any alarms?"

Topics

News

NewYork-Presbyterian, Walgreens Partner on Telemedicine Initiative

NewYork-Presbyterian and Walgreens are collaborating to bring expanded access to NewYork-Presbyterian’s healthcare through new telemedicine services, the two organizations announced this week.

ONC Releases Patient Demographic Data Quality Framework

The Office of the National Coordinator for Health IT (ONC) developed a framework to help health systems, large practices, health information exchanges and payers to improve their patient demographic data quality.

AMIA, Pew Urge Congress to Ensure ONC has Funding to Implement Cures Provisions

The Pew Charitable Trusts and the American Medical Informatics Association (AMIA) have sent a letter to congressional appropriators urging them to ensure that ONC has adequate funding to implement certain 21st Century Cures Act provisions.

Former Michigan Governor to Serve as Chair of DRIVE Health

Former Michigan Governor John Engler will serve as chair of the DRIVE Health Initiative, a campaign aimed at accelerating the U.S. health system's transition to value-based care.

NJ Medical Group Launches Statewide HIE, OneHealth New Jersey

The Medical Society of New Jersey (MSNJ) recently launched OneHealth New Jersey, a statewide health information exchange (HIE) that is now live.

Survey: 70% of Providers Using Off-Premises Computing for Some Applications

A survey conducted by KLAS Research found that 70 percent of healthcare organizations have moved at least some applications or IT infrastructure off-premises.