Hackers Who Stole Anthem’s Database Got Names, Birthdates, Social Security Numbers
Officials warn customers of possible identity theft from one of the biggest data breaches on record.
USA Today:
Millions Of Anthem Customers Alerted To Hack
Millions of Anthem health insurance customers woke Thursday morning to an e-mail from the company telling them hackers had gained access to the company's computers and that their names, birthdays, Social Security numbers, addresses and employment data including income might have been stolen. "Anthem will individually notify current and former members whose information has been accessed. We will provide credit monitoring and identity protection free of charge so that those who have been affected can have peace of mind," Anthem President and CEO Joseph Swedish said in the e-mail. (Weise, 2/5)
Los Angeles Times:
Anthem Hack Exposes Data On 80 Million; Experts Warn Of Identity Theft
The attack on the nation’s second-largest health insurer could be one of the largest data breaches in the healthcare industry, experts said. Anthem said hackers infiltrated a database containing records on as many as 80 million people. Hackers appear to have accessed customers' names, dates of birth, Social Security numbers, member ID numbers, addresses, phone numbers, email addresses and employment information, Anthem said. Some of the customer data may also include details on their income. At this point, it appears that the data stolen do not include medical information or credit card numbers, according to the company. (Terhune, 2/5)
The Wall Street Journal:
Health Insurer Anthem Didn’t Encrypt Data In Theft
Anthem Inc. stored the Social Security numbers of 80 million customers without encrypting them, the result of what a person familiar with the matter described as a difficult balancing act between protecting the information and making it useful. Scrambling the data, which included addresses and phone numbers, could have made it less valuable to hackers or harder to access in bulk. It also would have made it harder for Anthem employees to track health care trends or share data with states and health providers, that person said. (Yadron and Beck, 2/5)
The New York Times:
Experts Suspect Lax Security Left Anthem Vulnerable To Hackers
The cyberattack on Anthem, one of the nation’s largest health insurers, points to the vulnerability of health care companies, which security specialists say are behind other industries in protecting sensitive personal information. Experts said the information was vulnerable because Anthem did not take steps, like protecting the data in its computers though encryption, in the same way it protected medical information that was sent or shared outside of the database. (Abelson and Goldstein, 2/5)
The Associated Press:
Gov't Investigating If Medicare Data Stolen In Anthem Hack
The federal government is investigating whether the personal information of Medicare beneficiaries was stolen by hackers who breached health insurer Anthem's computer networks. The Health and Human Services inspector general's office said Thursday it is assessing whether personal data about Medicare and Medicaid beneficiaries has been compromised. (Alonso-Zaldivar, 2/5)
Los Angeles Times:
Anthem Hack Raises Fears About Medical Data
All this comes at a time when Anthem is spearheading an ambitious effort to build a controversial database of medical records on 9 million Californians for use by hospitals and doctors. In light of the data breach, patient advocates called on consumers to boycott the Anthem-led California Integrated Data Exchange, or Cal Index, as it prepares to launch this year. California's insurance commissioner said he and other regulators will examine whether the Indianapolis-based company is doing enough to prevent future breaches. (Terhune, 2/5)
USA Today also examines past issues with the company -
USA Today:
Anthem Fined $1.7 Million In 2010 Breach
Anthem, which revealed Wednesday that the records of 80 million of its customers had potentially been breached, was fined $1.7 million for a 2010 computer breach that resulted in the disclosure of personal information of approximately 612,000 people. The fine was levied by the U.S. Department of Health and Human Services under HIPAA, the 1996 Health Insurance Portability and Accountability Act, which governs the confidentiality and security of medical information. (Weise, 2/5)
In addition, the Aetna announcement forced another company to talk about its security -
Bloomberg:
Cigna Has Multiple Layers Of Hacking Protection, CEO Says
David Cordani, chief executive officer of Cigna Corp., talks about the health insurer's fourth-quarter profit, the potential impact of a forthcoming U.S. Supreme Court ruling about the Affordable Care Act on the company and steps Cigna takes to prevent the hacking of customer information. (Steel and Ruhle, 2/5)