This morning, health insurer Anthem announced that it was the victim of a massive
data breach, affecting nearly 80 million customers. According to Anthem, the breach was initially detected on January 29th, and since then the company has been working with the FBI to investigate the incident. External attackers were able to compromise sections of the network contained names, SSNs, birthdates, addresses, and employment information. Anthem was careful to note that no health information or medical records were part of the breach, a major concern due to issues with HIPAA. Anthem is one of the nation’s largest insurance companies, with a variety of plans and programs, including Anthem Blue Cross and Anthem Blue Cross and Blue Shield.
As a Customer, What Can You Do?
If you feel like you may have been affected by the breach (meaning you are or have been an Anthem customer), you can go to www.AnthemFacts.com for some extra information or call the toll-free number that Anthem has set up, 1-877-263-7995. Additionally, Anthem has said they will be communicating with all affected customers in the near future with regards to identity theft protection and added measures that they can take after the breach. Finally, as always, remain vigilant of your own accounts for any suspicious activity.
What Can Healthcare Companies Do?
Without a lot of specific information on the nature of the attack, it’s impossible to provide specific recommendations for preventing your company from being the victim of a similar attack. However, SecureState has worked with many health insurance companies in the past, and we have a variety of opinions on what the healthcare industry as a whole can do to improve. We have seen improvement in recent years in the security controls in place in the healthcare industry in the past few years, but obviously it’s not enough. In the coming days, we will discuss our views on the current state of healthcare security, how well Anthem is handling the fallout from this breach, and any additional insight we have on this incident.