- Hackers allegedly broke into Anthem, Inc.’s database last week, potentially compromising the personal information of approximately 80 million former and current customers, as well as employees, according to multiple reports.
The information potentially compromised includes names, dates of birth, medical IDs or Social Security numbers, street addresses, and email addresses, according to a statement from Anthem president and CEO Joseph Swedish posted on the company website. Employment information, some of which included income data, might also be at risk in the Anthem health data breach.
“Based on what we know now, there is no evidence that credit card or medical information, such as claims, test results or diagnostic codes were targeted or compromised,” Swedish said. “Once the attack was discovered, Anthem immediately made every effort to close the security vulnerability, contacted the FBI and began fully cooperating with their investigation.”
Swedish added that the personal information of Anthem employees, including himself, were also compromised in this data breach. It was a “very sophisticated external cyber attack,” according to Swedish, and despite Anthem’s best efforts and “state-of-the-art information security systems” its IT system was breached.
“We join you in your concern and frustration, and I assure you that we are working around the clock to do everything we can to further secure your data,” he said.
Anthem will notify the current and former customers who may have had their information compromised, and will also offer free credit monitoring and identity protection services to those who were affected.
“I want to personally apologize to each of you for what has happened, as I know you expect us to protect your information,” Swedish said. “We will continue to do everything in our power to make our systems and security processes better and more secure, and hope that we can earn back your trust and confidence in Anthem.”
The HITRUST Cyber Threat Intelligence and Incident Coordination Center (C3) has been collaborating with Anthem since it discovered the breach, according to a HITRUST statement.
“Upon further investigation and analysis it is believed to be a targeted advanced persistent threat (APT) actor. With that information, HITRUST determined it was not necessary to issue a broad industry alert,” the statement read.
“As additional information becomes available, Anthem has committed to continue to work with the HITRUST C3 to disseminate any findings and lessons learned that can help other organizations better prepare and respond to these type of cyber incidents.”
Because of Anthem’s “strong information security controls, comprehensive assessment process, participation in cyber preparedness exercises and cyber threat information sharing,” it was able to properly detect, analyze and collaborate to help mitigate the issue, according to HITRUST.
We will update this story as more information becomes available.