The second largest health insurer in the U.S. is scrambling to deal with the exposure of data for 80 million customers.
Up to 80 million customers – including the CEO – of the Anthem insurance company have had their private data stolen as the insurer has said in a statement that it was the victim of a tremendous security breach.
The president and CEO announced that “Anthem was the target of a very sophisticated external cyber attack.”
Joseph Swedish, the CEO and President of the insurance company, posted a statement on the Anthem official website that was written to provide information about this data breach. The statement explained that hackers managed to access the computer system at Anthem and, through it, took hold of considerable private and sensitive information that included customer names, birthdates, Social Security numbers, medical identifications, street addresses, employment information, email addresses, and income data.
The insurance company database that was accessed in the breach contained about 80 million customer records.
However, a spokesperson for Anthem, Cindy Wakefield, expressed that the health insurance provider is “are still investigating to determine how many were impacted. At this point we believe it was tens of millions.”
If this is, indeed, the case, it would become “the largest health care breach to date,” according to a Mandiant spokesperson named Victor De Souza. Mandiant is Anthem’s computer security company which has been hired for an evaluation of its systems.
So far, it does not appear that patient medical information has been accessed, which means that this cyber attack does not fall under the rules of HIPAA (the 1996 Health Insurance Portability and Accountability Act), which is responsible for the governance of the security and confidentiality of medical data.
The insurance company has also stated in an emailed statement that no credit card data was accessed by the attackers.
The vArmour computer security firm’s CEO, Tim Eades, said that it is unlikely that the hackers were trying to use the attack to be able to obtain insurance company customer medical information. Instead, he stated that “The personally identifiable information they got is a lot more valuable than the fact that I stubbed my toe yesterday and broke it.”