As many as 80 million customers of the nation’s second-largest health insurance company, Anthem Inc., have had their account information stolen, the company said in a statement. “Anthem was the target of a very sophisticated external cyber attack,” Anthem president and CEO Joseph Swedish said in a statement posted on a website the company created for information about the incident. The hackers gained access to Anthem’s computer system and got information including names, birthdays, medical IDs, Social Security numbers, street addresses, e-mail addresses and employment information, including income data, Swedish said. The affected database had records for approximately 80 million people in it, “but we are still investigating to determine how many were impacted. At this point we believe it was tens of millions,” said Cindy Wakefield, an Anthem spokeswoman.
That would make it “the largest health care breach to date,” said Vitor De Souza, a spokesman for Mandiant, the computer security company Anthem has hired to evaluate its systems. Because no actual medical information appears to have been stolen, the breach would not come under HIPAA rules, the 1996 Health Insurance Portability and Accountability Act, which governs the confidentiality and security of medical information.No credit card information was obtained, the company said in a statement e-mailed to USA TODAY. The hackers were probably not interested in medical information about Anthem’s customers, said Tim Eades, CEO of computer security firm vArmour in Mountain View, Calif.
“The personally identifiable information they got is a lot more valuable than the fact that I stubbed my toe yesterday and broke it,” he said. Both current and former customers were hit, Swedish said. Anthem has established a website, www.anthemfacts.com, where members can access information about the breach. There is also a toll-free number for current and former members to call, 877-263-7995. More