Attackers have compromised Anthem Inc., one of the larger health-care companies in the United States, gaining access to the Social Security numbers, birth dates, names, employment and income data and other personal information of an untold number of customers.
The company says it is not sure yet how many customers are affected, but Anthem claims to have 69 million customers across its product lines. In a statement, Anthem, which was previously known as WellPoint Health Networks, said that the company was the victim of a targeted, sophisticated attack.
“Anthem was the target of a very sophisticated external cyber attack. These attackers gained unauthorized access to Anthem’s IT system and have obtained personal information from our current and former members such as their names, birthdays, medical IDs/social security numbers, street addresses, email addresses and employment information, including income data. Based on what we know now, there is no evidence that credit card or medical information, such as claims, test results or diagnostic codes were targeted or compromised,” CEO Joseph Swedish said in a statement.
Swedish said the company is cooperating with the FBI and has hired Mandiant to investigate the attack, as well. Anthem said in in an FAQ that all of the company’s product lines are affected by the breach.
Given the size of the Anthem customer base, this could turn out to be one of the larger data breaches in U.S. history. The scope of the information the attackers obtained could give them broad access to victims’ personal lives.
“If confirmed, we are dealing with one of the biggest data breaches in history and probably the biggest data breach in the healthcare industry. If you are wondering what it means for individuals, in a few words: it is a nightmare,” said Jamie Blasco, vice president and chief scientist at AlienVault. “
If the attackers had access to names, birthdays, addresses and social security numbers, it means that information can be easily used to carry out identity theft schemes. It is yet unclear who is behind the attack, but if the group behind that compromised Anthem and plans to sell that information on the black market, it means cybercriminals can buy access to the stolen data and use that information to drain your bank account, open new credit accounts and telephone accounts or even utility accounts. They can even obtain medical care using your information.”
The one bright spot is that the attackers don’t appear to have had access to customers’ credit card information.
