Anthem hacked, customers’ data stolen
Millions of Anthem Inc. insurance customers’ account data was stolen when the company was hacked this week, the company announced on late Wednesday.
The hackers gained access to Anthem’s computer system, making off with names, birthdays, medical IDs, Social Security numbers, home addresses, email addresses, employment information including income, and more.
Anthem, which has about 80 million customers in 14 states, including Connecticut and New York, is the second-largest health insurance company in the nation.
The company, in an email to its customers sent out Wednesday night, said it has “state-of-the-art information security systems to protect your data. However, despite our efforts, Anthem Blue Cross Blue Shield was the target of a very sophisticated external cyber attack.”
The company says the attackers gained access to Anthem’s IT system, obtaining personal information of current and former customers.
“Based on what we know now, there is no evidence that credit card or medical information (such as claims, test results or diagnostic codes) were targeted or compromised,” Joseph Swedish, the Anthem president and CEO, wrote in the email to customers.
If no medical information was stolen, the hacking would not fall under the 1996 Health Insurance Portability & Accountability Act, known as HIPAA, that governs medical information confidentiality and security.
Once the attack was discovered, Swedish said, the company “made every effort to close the security vulnerability, contacted the FBI and began fully cooperating with their investigation.”
Anthem also hired Mandiant, a leading cybersecurity firm, to evaluate its systems and identify solutions.
“Anthem’s own associates’ personal information – including my own – was accessed during this security breach,” Swedish wrote. “We join you in your concern and frustration, and I assure you that we are working around the clock to do everything we can to further secure your data.”
Anthem plans individually notify current and former customers whose information was accessed, Swedish said. “We will provide credit monitoring and identity protection services free of charge so that those who have been affected can have peace of mind,” he wrote.
The company created a website, AnthemFacts.com, where customers can access information and answers about the hacking. Anthem also has a dedicated phone number for current and past members to use to ask questions about the attack. It is 877-263-7995.
“I want to personally apologize to each of you for what has happened, as I know you expect us to protect your information,” Swedish wrote. “We will continue to do everything in our power to make our systems and security processes better and more secure, and hope that we can earn back your trust and confidence in Anthem. “