The massive external cyber attack on Anthem that allowed attackers to gain unauthorized access to the managed health care company’s IT system and obtain personal information from millions of current and former customers and employees turns a harsh spotlight on the security of information in healthcare organizations. While details continue to emerge, here’s what we know so far about the information at risk and the company’s response from a message from Joseph Swedish, president and CEO of Anthem, and a FAQ posted to the company’s website:
- The information that was compromised includes names, dates of birth, member IDs and Social Security numbers, addresses, phone numbers, email addresses, and employment information, including income data. Unconfirmed reports indicate that the information was unencrypted.
- There is no evidence that payment card data and medical information, such as claims, test results, and diagnostic codes, were compromised.
- Anthem is working to determine exactly how many members were impacted. Anthem will notify all impacted individuals through written communications in the coming weeks, and will offer them free credit monitoring and identity theft protection services.
- Anthem made every effort to close the security vulnerability once the attack was discovered. Anthem is working to ensure that there is no further vulnerabilities in its database warehouses, and is taking steps to make its systems and security processes better and more secure.
- Anthem notified the FBI and is cooperating in an investigation, and additionally retained security firm Mandiant to evaluate its systems and identify solutions. As of the postings, the attacker has not been identified.
- All lines of Anthem business have been impacted, including Anthem Blue Cross, Anthem Blue Cross and Blue Shield, Blue Cross and Blue Shield of Georgia, Empire Blue Cross and Blue Shield, Amerigroup, Caremore, Unicare, Healthlink, and DeCare.
Stay tuned to SCMagazine.com for continued coverage of the Anthem breach.
UPDATE: The number of current and former customers and employees impacted by the breach is now being reported as up to 80 million.
UPDATE 2: Mandiant, the incident response firm tapped by Anthem to investigate the breach, confirmed that threat actors used custom backdoors when attacking the health care company.
UPDATE 3: Weighing in on the breach, security experts are speculating that attackers exploited a vulnerability in Anthem’s IT system, or obtained credentials via social engineering.