News just broke about yet another major data breach - Anthem, our nation’s second-largest insurance provider, has been hacked. Last week an employee noticed a database query was being run using his code without his authorization. After determining it was an attack on their systems, Anthem informed the FBI and hired Mandiant, a cybersecurity unit, to investigate.
Attacks of health care companies are on the rise because they are a treasure trove of data. The previous largest-known data breach of a health-care company was last year’s attack on Community Health Systems Inc., with about 4.5 million affected. Anthem’s breach affects approximately 80 million people, both customers and employees (former and current). How the hackers accessed Anthem’s database is unknown at this time, but personal information such as names, birthdates, addresses, employment details, and Social Security numbers were stolen. They claim no medical information or credit/bank account numbers were accessed and that they haven’t seen any evidence (yet) that the stolen information has been sold on the black market. Anthem has since changed all passwords of employees with high-level access and blocked access that required only one password. Anthem plans to send everyone who may have been affected a letter or email notifying them of the breach and will provide a credit-monitoring service. This does not mean those affected can relax, however. It’s possible that the thieves may hold onto the information for years before using or selling the information.
Health care companies are required by federal law to disclose security breaches that involve personally identifiable information, but they have up to 60 days after they discover the attack to report it. This is good news for consumers that Anthem announced to the public almost immediately after discovering their breach, as it enables us to be proactive on our end to prevent the hackers from doing anything with our information. The White House is scheduled to host a summit on cyber security next month.
If you are one of the 80 million people who may have been affected by this security breach, be sure to sign up for the credit-monitoring service offered and keep a very close eye on all accounts. You’ll need to be extra vigilant for quite some time to ensure no issues arise. If you suspect someone may actually be using your information fraudulently, call us to find out how we can help you set things right.