Anthem, the second largest health insurer in the United States, has admitted that hackers broke into its servers and accessed databases containing sensitive customer information.
According to a statement issued by Anthem, who were formerly known as Wellpoint, both current and former customers are at risk after the hackers managed to gain access to systems containing names, birthdays, medical IDs/social security numbers, street addresses, email addresses and employment information. Income data of customers was also exposed to the hackers.
As is the norm these days, the company describes the hack as "very sophisticated". No-one, after all, likes to admit that a security breach was plain and ordinary - as that would look like they were caught napping.
Anthem says that it has made attempts to close down the vulnerability (details of which are currently undisclosed) through which the hackers managed to gain access, and called in law enforcement and security specialists to help them investigate the breach.
Fortunately, there is no evidence at the moment that payment card information or medical data (such as claims or test results) were compromised. Nonetheless, it seems possible that the personal information of tens of millions of Americans has fallen into the hands of criminals, who could now exploit the details for their own gain.
It appears that amongst the victims of the hack are employees of the health insurer, including Anthem's President and CEO, Joseph R Swedish, as he explained in a statement about the breach:
"Anthem’s own associates’ personal information – including my own – was accessed during this security breach. We join you in your concern and frustration, and I assure you that we are working around the clock to do everything we can to further secure your data."
The following plans are said to be affected:
- Anthem Blue Cross
- Anthem Blue Cross and Blue Shield
- Blue Cross and Blue Shield of Georgia
- Empire Blue Cross and Blue Shield
Anthem has put together an online FAQ for concerned customers, and says it will contact those affected by the security breach in the coming weeks via mail.
In addition, they have made a toll-free number available for current and former members to call if they have any questions (1-877-263-7995).
I'm pleased to see Anthem publishing information about the security breach online, and I'm sure customers will be grateful that the company has not tried to hide away the news, but is at least trying to alert visitors to its website at anthem.com that there has been a serious incident.
But what's really necessary is for companies and organisations to do a better job at protecting our personal information. Too many firms who are entrusted with data from the general public are finding themselves in the uncomfortable position of admitting that they have been hacked. Consumers deserve better than this, and need to feel as though organisations are as good as their word and doing everything possible to minimise the potential for an attack to succeed.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc. If you are interested in contributing to The State of Security, contact us here.