Anthem medical data breach

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search

The Anthem medical data breach was a medical data breach of information held by Anthem Inc.

On February 4, 2015, Anthem, Inc. disclosed that criminal hackers had broken into its servers and potentially stolen over 37.5 million records that contain personally identifiable information from its servers.[1] On February 24, 2015 Anthem raised the number to 78.8 million people whose personal information was affected. [2] According to Anthem, Inc., the data breach extended into multiple brands Anthem, Inc. uses to market its healthcare plans, including, Anthem Blue Cross, Anthem Blue Cross and Blue Shield, Blue Cross and Blue Shield of Georgia, Empire Blue Cross and Blue Shield, Amerigroup, Caremore, and UniCare.[3] Healthlink says it was also a victim.[4] Anthem says the medical information and financial data was not compromised. Anthem has offered free credit monitoring in the wake of the breach.[5] According to Bloomberg News, China may be responsible for this data breach. Michael Daniel, chief adviser on cybersecurity for President Barack Obama, said he would be changing his own password.[6] According to The New York Times about 80 million company records were hacked, and there is fear that the stolen data will be used for identity theft. [7] The compromised information contained names, birthdays, medical IDs, social security numbers, street addresses, e-mail addresses and employment information, including income data.[8][9]

Theft of the data[edit]

The data was stolen over a period of weeks the month before the data breach was discovered.[10]

Anthem was not required by law to encrypt the data.[11] However, Anthem faced several civil class-action lawsuits, which were settled in 2017 at a cost of $115 million. Anthem did not admit any wrongdoing in the settlement.[12]

Use of the data[edit]

Data from the attack is expected to be sold on the black market.[13]


Persons whose data was stolen could have resulting problems about identity theft for the rest of their lives.[14] Anthem had a US$100 million insurance policy for cyber problems from American International Group.[15] One report suggested that all of this money could be consumed by the process of notifying customers of the breach.[15]


Anthem advised people whose data was stolen to monitor their accounts and remain vigilant.[16]

Anthem retained Mandiant to review their security systems.[17]

The theft of the data raised fears generally about the theft of medical information.[18][19] A writer from Harvard Law School suggested that this data breach might spark reform of security practices and government data safety regulation.[20]

An investigation conducted by several state insurance commissioners blames the breach on an attacker whose identity was withheld, and claims that the breach was likely ordered by a foreign government whose name was withheld.[21] It also concluded that Anthem had taken reasonable measures to protect its data before the breach and that its remediation plan was effective at shutting down the breach once it was discovered.[21] It also marks the starting date of the breach as February 18, 2014.[21]

A class action settlement[22] is in the process of notifying potential victims on a rolling basis through October 30, 2017, see Data Breach Litigation


  1. ^ Riley, Charles (4 February 2015). "Insurance giant Anthem hit by massive data breach". Retrieved 20 February 2015. 
  2. ^ Mathews, Anna (24 February 2015). "Anthem: Hacked Database Included 78.8 Million People". Retrieved 24 February 2015. 
  3. ^ "Data Breach at Health Insurer Anthem Could Impact Millions — Krebs on Security". 
  4. ^ "Healthlink homepage". Center of page; even the Anthem page doesn't reference Healthlink. Retrieved 10 February 2015. 
  5. ^ Pepitone, Julianne. "Anthem Hack: Credit Monitoring Won't Catch Medical Identity Theft". NBC News. Retrieved 5 February 2015. 
  6. ^ Michael A Riley (5 February 2015). "Chinese State-Sponsored Hackers Suspected in Anthem Attack". 
  7. ^ Abelson, Reed; Goldstein, Matthew (5 February 2015). "Anthem Hacking Points to Security Vulnerability of Health Care Industry". The New York Times. 
  8. ^ Weise, Elizabeth (5 February 2015). "Massive breach at health care company Anthem Inc". USA Today. McLean, VA: Gannett. ISSN 0734-7456. Retrieved 20 February 2015. 
  9. ^ Mathews, Anna; Yadron, Danny (4 February 2015). "Health Insurer Anthem Hit by Hackers - WSJ". Retrieved 20 February 2015. 
  10. ^ Zetter, Kim (5 February 2015). "Health Insurer Anthem Is Hacked, Exposing Millions of Patients' Data". Retrieved 20 February 2015. 
  11. ^ Whitney, Lance (6 February 2015). "Anthem's stolen customer data not encrypted - CNET". Retrieved 20 March 2015. 
  12. ^ Freeman, Liz (26 June 2017). "Anthem settles a security breach lawsuit affecting 80M". Retrieved 20 November 2017. 
  13. ^ Murphy, Tom; Bailey, Brandon (6 February 2015). "Why hackers are targeting the medical sector". Retrieved 20 February 2015. 
  14. ^ Rudavsky, Shari (7 February 2015). "Anthem data breach could be 'lifelong battle' for customers". Retrieved 20 February 2015. 
  15. ^ a b Osborne, Charlie (12 February 2015). "Anthem data breach cost likely to smash $100 million barrier | ZDNet". ZDNet. Retrieved 20 February 2015. 
  16. ^ Popken, Ben; Grant, Kelli (6 February 2015). "Anthem Breach: What Should I Do Right Now?". Retrieved 20 February 2015. 
  17. ^ McNeal, Gregory S. (4 February 2015). "Health Insurer Anthem Struck By Massive Data Breach". Retrieved 20 February 2015. 
  18. ^ Terhune, Chad (5 February 2015). "Anthem hack raises fears about medical data - LA Times". Los Angeles Times. Los Angeles: Tribune Co. ISSN 0458-3035. Retrieved 20 February 2015. 
  19. ^ Abelson, Reed; Creswellfeb, Julie (6 February 2015). "Data Breach at Anthem May Forecast a Trend -". The New York Times. New York: NYTC. ISSN 0362-4331. Retrieved 20 February 2015. 
  20. ^ Terry, Nicholas (7 February 2015). "Time for a Healthcare Data Breach Review? | Bill of Health". Petrie-Flom Center for Health Law Policy at Harvard Law School. Retrieved 20 February 2015. 
  21. ^ a b c "Investigation of major Anthem cyber breach reveals foreign nation behind breach" (Press release). Sacramento, California: California Department of Insurance. 2017-01-17. Retrieved 2017-02-16. 
  22. ^ "Welcome to In re Anthem, Inc. Data Breach Litigation Settlement Website". Retrieved 2017-11-15. 

External links[edit]