The recently announced Anthem Inc data breach has exposed the personal information of up to 80 million individuals, in the largest successful hack of healthcare data ever recorded.
Last year saw the second largest ever healthcare breach, when the records of 4.5 million patients of Community Health Systems were exposed. That breach affected nearly as many people as the previous record holder: the 4.9-million data breach at Tricare in 2011. The latest breach is on an entirely different scale and ranks as one of the largest ever data breaches of any industry. Only Heartland Payment Systems, Target and Sony Online Entertainment Services have had more data accessed by hackers.
The past two years have seen major successes for hackers, who have managed to steal tens of millions of records from retailers such as Target – 110 million records – and Home Depot – 56 million credit card numbers – as well as the entertainment industry, with the 102-million-record breach at Sony Online Entertainment Services. The finance industry did not escape either, with JP Morgan Chase registering a 76-million-record data breach last year.
This is not the first time Anthem has exposed member records. Between Oct. 23, 2009 and Mar. 7, 2010 a 612,402-record breach occurred, although at the time the company was operating under the name of WellPoint Inc. Its members had their health records and personal information exposed and the company had to settle with the Department of Health and Human Services’ Office for Civil Rights for $1.7 million for the HIPAA violations which led to the breach.
Anthem Inc Data Breach is the Largest PHI Breach Ever Reported
However, the scale of the latest Anthem Inc data breach is astonishing. Hackers are understood to have gained access to an Anthem server and have potentially copied up to 80 million records including personally identifiable information and Social Security numbers. Names, dates of birth, addresses and email addresses were present in the data set, along with medical IDs, and in some cases, employment information.
According to Anthem president and CEO, Joseph Swedish, “Based on what we know now, there is no evidence that credit card details or medical information such as claims, test results and diagnostic codes were targeted or compromised.” He also said “we are working around the clock to do everything we can to further secure your data,” and mentioned that his own personal information was also compromised in the attack.
The breach was first identified last week by Anthem and the FBI was alerted. An investigation is currently underway and Anthem is assisting law enforcement and trying to identify those responsible and bring them to justice.
So far only limited details have been released to the press about the incident. Anthem has not yet determined the number of people affected, although it did confirm that the server to which the hackers gained access contained approximately 80 million records.
HIPAA regulations were introduced to keep Protected Health Information private. Apparently no PHI was stolen, but personally identifiable information also comes under Health Insurance Portability and Accountability Act legislation, and the OCR is likely to take an interest in this breach and conduct an investigation.
Full Extent of the Behemoth Anthem Inc Data Breach Yet to Be Determined
In a statement released to the media, Anthem spokeswoman Cindy Wakefield said “the investigation is ongoing and an exact total of the victims have not yet been established, but they will be notified by post in due course if their data was stored on the server.”
The data obtained by the thieves can be used to commit medical and identity fraud, so employees and plan members will need to take precautions and be vigilant for signs of fraud.
Further information on the Anthem Inc data breach is available from anthemfacts.com, a website set up by the insurer specifically to provide potential victims with information. The company is advising all plan members to contact the FBI if they believe they have suffered identity or medical fraud, or think their data has otherwise been used inappropriately as a result of the recent Anthem Inc data breach.