The personal information of 80 million current and former customers of Anthem Healthcare, the second largest health insurer in the US, were exposed in what the CEO called a “sophisticated external cyber attack” on Wednesday. The number of victims may make this the largest data breach involving a US health insurer.
The amount of information obtained dwarfs a previous attack Chinese hackers made on Community Health Systems. In August 2014, the FBI warned the healthcare industry it was being targeted after the Community Health attack.
“This attack is another reminder of the persistent threats we face, and the need for Congress to take aggressive action to remove legal barriers for sharing cyber threat information,” US Rep. Michael McCaul, a Republican from Texas and chairman of the Committee on Homeland Security, said in a statement late Wednesday.
Anthem has been working with the FBI since discovering the breach. It also retained cybersecurity firm FireEye to evaluate Anthem’s cybersecurity processes and systems after the attack. FireEye was recently involved in discovering an insider trading scheme and was brought in to investigate after the hack at JP Morgan.
There is no evidence that credit card or medical information was taken but the hackers gained access to names, medical IDs, social security numbers, employment data including income and email addresses. The information they do have access to is plenty to create some problems. According to a Google study released in November, hackers use email address and financial information to narrow down lucrative targets then use that information to gain access to bank and investment accounts.
“Anthem detected the breach itself, which puts it in the minority among companies subject to such attacks, and ‘organizations don’t typically provide notification this early on,’” said David Damato, managing director at FireEye Inc., owner of cybersecurity unit Mandiant to the Wall Street Journal.
Anthem is offering free credit and identity theft protection services to those whose information was stolen. It also set up a dedicated website, www.anthemfacts.com and telephone number customers can call with questions related to the security breach. Anthem CEO Joe Swedish apologized and said that his personal information was part of the breach as well.
This attack ranks as one of the largest of recent attacks. JP Morgan exposed 76 million customers, Home Depot 56 million, and Target 40 million customers. Unfortunately, it has been a big year for cyberattacks. Kmart, Dairy Queen, Xbox, Sony and ICANN have all been the target of hacks designed to obtain sensitive data.