Anthem Inc. reports potentially largest database breach of a health-care company

This is an archived article and the information in the article may be outdated. Please look at the time stamp on the story to see when it was last updated.

HARTFORD – The country’s second-biggest health insurer, Anthem Inc., reported that its 80 million+ database was hacked recently, in what is likely to be the largest data breach disclosed by a health-care company.

The extent of the incursion has not been revealed yet, but the company says it is likely that “tens of millions” of records were stolen.  Records which contain the names, birthdays, addresses,and Social Security numbers of its customers and employees, but don’t appear to involve medical information or financial details such as credit-card or bank-account numbers.

The number of people affected can not be determined presently, but it appears so far that the attack, which was detected last week, is the only breach of Anthem’s systems, according to Thomas Miller, the insurer’s chief information officer.  The company offers Blue Cross Blue Shield plans in Connecticut, among other states, and is reaching out to everyone whose information was stored in the hacked database with a letter and, where possible, email. It is also setting up an informational website and will offer to provide a credit-monitoring service.

Anthem’s Mr. Miller said the company wanted “to share the information as soon as possible.” Federal law requires health-care companies to inform consumers and regulators when they suffer a data breach involving personally identifiable information, but they have as many as 60 days after the discovery of an attack to report it.

Mr. Damato, of FireEye, said the firm has seen more cyberattacks specifically targeting health-care concerns, because those companies often hold rich stores of consumer data, specifically medically related. He said the Anthem attack was “sophisticated” and used techniques that appeared to have been customized, rather than broadly available tools, and were “very advanced.”

Anthem said it doesn’t expect the incident to affect its 2015 financial outlook, “primarily as a result of normal contingency planning and preparation.”