Anthem Discloses ‘Very Sophisticated’ Cyber Attack

Wednesday's breach hit Anthem's database containing 80 million people.
Katie Kuehner-HebertFebruary 5, 2015

Anthem, one of the nation’s largest health insurers, disclosed late Wednesday that its database of 80 million people was the target of “a very sophisticated external cyber attack.”

NetworkOperationsAccording to a letter by Anthem’s president and chief executive Joseph R. Swedish
 posted on the Indianapolis company’s website, hackers obtained the personal information of “tens of millions” of current and former customers. They include names, birthdays, medical IDs/social security numbers, street and email addresses, and employment information including income data.

Drive Business Strategy and Growth

Drive Business Strategy and Growth

Learn how NetSuite Financial Management allows you to quickly and easily model what-if scenarios and generate reports.

As of Wednesday, there was no evidence that credit card or medical information, such as claims, test results, or diagnostic codes were targeted or compromised. Anthem employee personal information was also accessed.

“We join you in your concern and frustration, and I assure you that we are working around the clock to do everything we can to further secure your data,” Swedish

Besides making “every effort to close the security vulnerability” and contacting to the Federal Bureau of Investigation, Anthem also hired cyber-security firm Mandiant to evaluate its systems and identify solutions “based on the evolving landscape.”

The company notified its current and former customers via email, offering free credit monitoring and identity protection services and a dedicated website and toll-free number for the latest information on the breach.

An FBI spokesman told the Wall Street Journal that the agency is “aware of the Anthem intrusion and is investigating the matter” and praised the insurer for its “initial response in promptly notifying the FBI after observing suspicious network activity.”

Anthem has since reset the passwords of all employees with higher-level access to its data systems and has blocked all access that involves only one password, Anthem’ chief information officer Thomas Miller told the WSJ.