US health insurer Anthem hit by massive data breach
Staff, clients and former customers at risk of identity theft in wake of breach
US health insurance provider Anthem has confirmed hackers have gained access to its IT systems, putting the personal information of millions of customers at risk.
The company announced the data breach in a note on its website by the firm's president and CEO Joseph Swedish, who described the attack as "very sophisticated".
Hackers managed to gain access to a wide range of personal information belonging to its clients, including names, birthdays, medical IDs, social security numbers, addresses and employment data.
This combination of data could leave victims at risk of identity theft, fears Jaime Blasco, vice president and chief scientist at security vendor AlienVault.
Furthermore, he said the scale of the breach means it could be considered one of the biggest ever.
"If confirmed, we are dealing with one of the biggest data breaches in history and probably the biggest data breach in the healthcare industry," he said.
"For individuals, in a few words, it is a nightmare. If the attackers had access to names, birthdays, addresses and social security numbers, it means that information can be easily used to carry out identity theft schemes."
Despite this, the company has been quick to stress that no credit card details or patient data have been compromised.
"Once the attack was discovered, Anthem immediately made every effort to close the security vulnerability, contacted the FBI and began fully cooperating with their investigation," Swedish wrote.
The personal data of the company's staff was also affected by the breach, he revealed, including his own, along with that of its former customers.
According to an article on USA Today, up to 80 million people could be affected by this data breach.
"We join you in your concern and frustration, and I assure you that we are working around the cloud to do everything we can to further secure your data," he added.
As a safety precaution, the company is offering affected customers access to free credit monitoring and identity protection services, and has launched a standalone website for people concerned their data may have been accessed.
"I want to personally apologise to each of you for what has happened, as I know you expect us to protect your information.
"We will continue to do everything in our power to make our systems and security processes better and more secure, and hope that we can earn back your trust and confidence in Anthem," Swedish concluded.
BCDR buyer's guide for MSPs
How to choose a business continuity and disaster recovery solutionDownload now
The definitive guide to IT security
Protecting your MSP and your customersDownload now
Cost of a data breach report 2020
Find out what factors help mitigate breach costsDownload now
The complete guide to changing your phone system provider
Optimise your phone system for better business resultsDownload now