Anthem, America's second biggest health insurer, HACKED: Millions hit by breach

Social security numbers, employment records, the lot


Hackers have invaded the servers of Anthem, a health insurer used by tens of millions of Americans, and stolen social security numbers, employment records, personal contact details and more. A veritable treasure trove for identity thieves.

Anthem, the US's second biggest health insurer with about 70 million people on its books across the country, admitted late on Wednesday, Pacific time, that it has been comprehensively ransacked by criminals. Tens of millions of records are likely to have been obtained illegally as a result of the hack, Anthem warned.

If your plan is branded Anthem Blue Cross; Anthem Blue Cross and Blue Shield; Blue Cross and Blue Shield of Georgia; Empire Blue Cross and Blue Shield; Amerigroup; Caremore; Unicare; Healthlink; or DeCare, you are at risk – your data may have been taken by thieves.

Former Anthem customers are just as affected, we're told. Jackpot.

The health giant, based in Indianapolis, has hired infosec biz Mandiant to work out which customers have had their files accessed. According to this official FAQ, "no diagnosis or treatment data was exposed" nor any credit card information.

It is not clear when the company's databases were infiltrated nor precisely when the compromise was detected – just that it was discovered some time last week. Staff with high-level access to the IT systems have had their passwords reset, and those using single-factor authentication locked out, we're told.

People whose records were slurped by the hackers will be warned by mail in the following days. Anthem is offering free credit and identity-theft monitoring cover to those hit by the network security breach.

As yet, no one is saying publicly who is behind the attack nor how they managed to infiltrate Anthem's networks. The insurer says it is "doing everything it can to ensure there is no further vulnerability to its database warehouses."

Register staff are among those at risk: Anthem Blue Cross is our healthcare insurer in California. Tonight, we received this email from Anthem CEO Joseph Swedish:

Anthem Blue Cross was the target of a very sophisticated external cyber attack. These attackers gained unauthorized access to Anthem’s IT system and have obtained personal information from our current and former members such as their names, birthdays, medical IDs/social security numbers, street addresses, email addresses and employment information, including income data.

Based on what we know now, there is no evidence that credit card or medical information (such as claims, test results or diagnostic codes) were targeted or compromised.

"Anthem’s own associates’ personal information – including my own – was accessed during this security breach. We join you in your concern and frustration, and I assure you that we are working around the clock to do everything we can to further secure your data," the chief exec added.

"I want to personally apologize to each of you for what has happened, as I know you expect us to protect your information."

Indeed we did. Popping a huge healthcare insurer was only a matter of time: the data will be worth a pretty penny, and all of it sitting there, conveniently in one place, just waiting to be seized.

You can visit anthemfacts.com for slightly more information at this time, or call 1-877-263-7995. We'll publish more facts when we have them.

The FBI has been informed, and is investigating – so Pyongyang, get your best excuses ready. ®

Similar topics

Narrower topics


Other stories you might like

  • Healthcare organizations face rising ransomware attacks – and are paying up
    Via their insurance companies, natch

    Healthcare organizations, already an attractive target for ransomware given the highly sensitive data they hold, saw such attacks almost double between 2020 and 2021, according to a survey released this week by Sophos.

    The outfit's team also found that while polled healthcare orgs are quite likely to pay ransoms, they rarely get all of their data returned if they do so. In addition, 78 percent of organizations are signing up for cyber insurance in hopes of reducing their financial risks, and 97 percent of the time the insurance company paid some or all of the ransomware-related costs.

    However, while insurance companies pay out in almost every case and are fueling an improvement in cyber defenses, healthcare organizations – as with other industries – are finding it increasingly difficult to get insured in the first place.

    Continue reading
  • Oracle plans US database for electronic health records
    Based in the Big Red cloud, the system will suck up records from hospitals and physicians, says CTO Larry Ellison

    Oracle is planning to build a national database of individuals' health records for the whole United States following its $28.3 billion acquisition of electronic health records specialist Cerner.

    In a presentation, CTO and founder Larry Ellison said electronic health records for individual patients were stored by hospitals and physicians, and not replicated or shared between providers.

    "We're going to solve this problem by putting a unified national health records database on top of all of these thousands of separate hospital databases," Ellison said.

    Continue reading
  • There are 24.6 billion pairs of credentials for sale on dark web
    Plus: Citrix ASM has some really bad bugs, and more

    In brief More than half of the 24.6 billion stolen credential pairs available for sale on the dark web were exposed in the past year, the Digital Shadows Research Team has found.

    Data recorded from last year reflected a 64 percent increase over 2020's total (Digital Shadows publishes the data every two years), which is a significant slowdown compared to the two years preceding 2020. Between 2018 and the year the pandemic broke out, the number of credentials for sale shot up by 300 percent, the report said. 

    Of the 24.6 billion credentials for sale, 6.7 billion of the pairs are unique, an increase of 1.7 billion over two years. This represents a 34 percent increase from 2020.

    Continue reading
  • IBM CEO explains why he offloaded Watson Health: Not enough domain expertise
    And not enough customers, Shirley?

    IBM chairman and CEO Arvind Krishna says it offloaded Watson Health this year because it doesn't have the requisite vertical expertise in the healthcare sector.

    Talking at stock market analyst Bernstein's 38th Annual Strategic Decisions Conference, the big boss was asked to outline the context for selling the healthcare data and analytics assets of the business to private equity provider Francisco Partners for $1 billion in January.

    "Watson Health's divestment has got nothing to do with our commitment to AI and tor the Watson Brand," he told the audience. The "Watson brand will be our carrier for AI."

    Continue reading
  • Nuance helps launch healthcare AI industry group
    Microsoft embraces Nuance to deepen its healthcare connections

    Microsoft's purchase of AI company Nuance got Redmond's foot in the door of the healthcare industry, and it's widening the opening as Nuance helps form an industry group to explore applications of AI in hospitals and clinics.

    Nuance and The Health Management Academy – a peer group made up of healthcare executives from the top 150 US hospital systems, announced on Wednesday the formation of The AI Collaborative. The Collaborative will specifically consist of Academy members from hospital groups that have already deployed or are deploying AI and ML systems in healthcare settings. 

    AI has a wide range of applications in the healthcare industry, for many of which Nuance already has a product. One of its most well known is speech recognition and conversational AI platform Dragon Naturally Speaking, which is used by clinicians for speech recognition tasks like note taking and session transcripts. 

    Continue reading
  • Can AI transformer models help design drugs and treat incurable diseases?
    From protein prediction to drug generation, neural networks are revolutionizing medication

    Special report AI can study chemical molecules in ways scientists can't comprehend, automatically predicting complex protein structures and designing new drugs, despite having no real understanding of science.

    The power to design new drugs at scale is no longer limited to Big Pharma. Startups armed with the right algorithms, data, and compute can invent tens of thousands of molecules in just a few hours. New machine learning architectures, including transformers, are automating parts of the design process, helping scientists develop new drugs for difficult diseases like Alzheimer's, cancer, or rare genetic conditions.

    In 2017, researchers at Google came up with a method to build increasingly bigger and more powerful neural networks. Today, transformer-based models are behind some of the largest AI systems and typically learn patterns from vast amounts of text. They're versatile and can process different forms of language from code to ancient scripts scribbled thousands of years ago.

    Continue reading

Biting the hand that feeds IT © 1998–2022