Anthem Breach: What You Need to Know
In February, Anthem, the second largest health insurance company in the US, announced the discovery of a massive security breach that may have affected as many as 80 million current and former customers as well as Anthem employees. Dubbed one of the biggest health care security breaches in history, the attack could have repercussions for Anthem customers and associates for years to come.
About the Anthem Breach
Joseph Swedish, the president and CEO of Anthem, reported in a statement on the company's website that, "Anthem was the target of a very sophisticated external cyber attack." No specific information on the type of attack was given, but some sources speculate that it may have been the result of a phishing email.
Information obtained by the hackers included names, dates of birth, medical IDs, social security numbers, addresses, email addresses, employment information and even personal income data. Credit card and health information doesn't appear to have been touched. With an estimated 7.8 million people affected, problems associated with the Anthem breach could cost anywhere from $8 to $16 billion to rectify.
Though the breach was discovered in late January, information may have been compromised beginning as early as December 10th. This means that Anthem's system could have been accessed by hackers for as many as six weeks before the company discovered the problem and reported it to the FBI. The compromise doesn't just affect current Anthem customers; previous customers and individuals using independent insurance companies that Anthem handles paperwork for may also have been hacked.
Dealing With the Aftermath
According to the LA Times, some of the information obtained in the Anthem breach wasn't protected by any kind of encryption. This is not unusual since most health care companies aren't putting as many of their resources as they should into ensuring data security.
Using a behavioral analysis system could help prevent this kind of massive data compromise in the future. These systems are built to "learn" the difference between normal and abnormal network activity including the types of queries that hackers used to access Anthem accounts. In the event of a potential breach, the system sends out an alert so that the activity can be stopped before it becomes a far-reaching problem.
How Anthem Customers Can Stay Safe
Those affected by the Anthem security breach are encouraged to visit AnthemFacts.com, a website set up by the company to help answer questions about the incident. Anthem has also hired AllClrearID to keep an eye out for any suspicious activity with customers' credit.
However, it's up to individuals to ensure their own personal information privacy since a credit report is only one place where unusual transactions may appear. Hackers could use the information from Anthem to open new accounts, commit insurance fraud or send out phishing emails to obtain sensitive data such as passwords.
Anthem customers have several options for monitoring and protecting their information, including:
- Hiring an identity theft protection company
- Setting up credit alerts for the whole family
- Putting fraud alerts in place to increase security at lending institutions
- Getting a free credit report to check for unauthorized activities
- Putting a "freeze" in place to prevent new accounts from being opened and credit report information from being shared
- Monitoring benefits paid out by insurance companies to prevent medical ID theft
- Paying close attention to emails and reporting all phishing messages received
Anthem isn't the first health care company to experience a data breach, and it won't be the last. Customers need to remain diligent in monitoring activity on all personal accounts to ensure the safety of their information and avert identity theft.