Health Insurer Anthem Struck By Potential Largest Healthcare Related Data Breach in History

By Karen Painter Randall

On February 4, 2015, Anthem Inc., the second largest health insurer in America revealed that hackers broke into the company’s servers and stole social security numbers and other personal information.   This is a massive data breach with the potential to expose the information of nearly 80 million Anthem customers and has the potential to be the largest health care related data breach in history. 

In an email, the company stated that they were the target of a very sophisticated external cyber-attack. The attackers gained unauthorized access to Anthem’s IT system, and obtained personal information from their current and former members including their names, birthdays, medical IDs/social security numbers, street addresses, email addresses and employment information, including income data.  However, Anthem advised that based upon the information known to date, there was no evidence that credit card or medical information (such as claims, test results or diagnostic codes) were targeted or compromised.

After discovering the data breach the company contacted law enforcement, and has stated that they are working with the FBI and cooperating in their investigation.  The company says it will provide credit monitoring and identity protection services free of charge to those who have been affected.  Furthermore, Anthem says it is conducting an extensive IT Forensic Investigation to determine which customers were impacted, and will notify all Anthem members who are impacted through a written communication.

Because no medical information was stolen it does not appear that Anthem will be subject to HIPAA.  Nevertheless, this is the largest health care breach to date and another in a long line of breaches that continue to have a deep and disheartening effect on consumer behavior and the smooth flow of commerce both in the U.S. and worldwide.