Anthem, one of the nation’s largest health insurers, disclosed late Wednesday that its database of 80 million people was the target of “a very sophisticated external cyber attack.”
According to a letter by Anthem’s president and chief executive Joseph R. Swedish posted on the Indianapolis company’s website, hackers obtained the personal information of “tens of millions” of current and former customers. They include names, birthdays, medical IDs/social security numbers, street and email addresses, and employment information including income data.
As of Wednesday, there was no evidence that credit card or medical information, such as claims, test results, or diagnostic codes were targeted or compromised. Anthem employee personal information was also accessed.
“We join you in your concern and frustration, and I assure you that we are working around the clock to do everything we can to further secure your data,” Swedish wrote.
Besides making “every effort to close the security vulnerability” and contacting to the Federal Bureau of Investigation, Anthem also hired cyber-security firm Mandiant to evaluate its systems and identify solutions “based on the evolving landscape.”
The company notified its current and former customers via email, offering free credit monitoring and identity protection services and a dedicated website and toll-free number for the latest information on the breach.
An FBI spokesman told the Wall Street Journal that the agency is “aware of the Anthem intrusion and is investigating the matter” and praised the insurer for its “initial response in promptly notifying the FBI after observing suspicious network activity.”
Anthem has since reset the passwords of all employees with higher-level access to its data systems and has blocked all access that involves only one password, Anthem’ chief information officer Thomas Miller told the WSJ.