Anthem Inc., has recently settled a class-action lawsuit filed by the victims of its 2015 data breach that saw 78.8 million health insurance records stolen by hackers. The insurer settled the case for $118 million. A month after the settlement was announced, the company has confirmed its plan members have been affected by another data breach. This time the insurance records of 18,580 individuals have been exposed.
The breach occurred at one of Anthem’s business associates – LaunchPoint Ventures. LaunchPoint Ventures is contracted to provide coordination services to Anthem, which involves being provided with a limited amount of personal information of plan holders.
Some of that information was accessed by a former employee of the firm and was emailed to a personal email account. While the incident has only just been discovered, it actually occurred more than a year ago on July 8, 2016.
LaunchPoint became aware of the breach in April 2017 and immediately conducted an investigation. That investigation took a long time to complete. It took LaunchPoint until June to identify the individuals affected.
After locating the emailed file, LaunchPoint was able to confirm that Medicaid identification numbers, Medicare contract numbers, health plan ID numbers and Social Security numbers had been stolen. Some plan members’ last names and dates of birth were also present in the file. In addition to the PHI of Anthem’s plan holders, in May, LaunchPoint discovered that other individuals’ PHI may also have been misused by the employee.
The employee was terminated as a result of the incident and Anthem reports that the individual is now in jail for an unrelated incident. The investigation into the breach is continuing and LaunchPoint is assisting law enforcement with the investigation.
LaunchPoint has explained that the individual was “likely involved in identity theft related activities”. All affected individuals have been offered credit monitoring and identity theft restoration services for two years without charge.