Health insurer Anthem said hackers infiltrated its computer network and gained access to a host of personal information for customers and employees, including CEO Joseph Swedish. Newslook
 365 206 100LINKEDIN 18COMMENTMORE
SAN FRANCISCO —Millions of Anthem health insurance customers woke Thursday morning to an e-mail from the company telling them hackers had gained access to the company's computers and that their names, birthdays, Social Security numbers, addresses and employment data including income might have been stolen.
"Anthem will individually notify current and former members whose information has been accessed. We will provide credit monitoring and identity protection free of charge so that those who have been affected can have piece of mind," Anthem President and CEO Joseph Swedish said in the e-mail.
No credit card information was accessed in the attack, the company said.
The breach was first announced late Wednesday. It could affect as many as 80 million current and former customers of the nation's second-largest health insurance company.
"Anthem was the target of a very sophisticated external cyberattack," Swedish said in a statement posted on a website the company created for information about the incident.
Exactly how many people are affected wasn't immediately clear. The database that was infiltrated contained records for 80 million people.
The company is still investigating exactly how many records were actually stolen but, "at this point we believe it was tens of millions," said Cindy Wakefield, an Anthem spokeswoman.
If the entire file was taken it would be "the largest health care breach to date," said Vitor De Souza, a spokesman for Mandiant, the computer security company Anthem has hired to evaluate its systems.
Anthem members should be especially wary of criminals trying to "piggyback" onto the hack by using it to launch social engineering attacks to get their information, said Lee Weiner, a security expert with computer security company Rapid7.
These would most likely be e-mails or phone calls that try to trick worried consumers into sharing confidential information such as financial details.
"Consumers should be suspicious of any unsolicited calls or e-mails — don't click on links, or provide personal information over the phone or e-mail. If you get a call, offer to call back and use your search engine to find the appropriate number. Do likewise for any e-mails," he said.
The e-mail sent to Anthem customers Thursday morning only offers a link to the company's site at www.AnthemFacts.com and a toll-free number to call, 877-263-7995. Customers are not asked to send in any information.
The breach is a wake-up call to the health industry, experts say.
Attacks against the health care industry topped the 2014 breach list compiled by theIdentity Theft Resource Center. Health care companies suffered 42.5% of all data breaches in 2014, continuing a three-year trend, the survey found.
"Many health care companies have been laggards in the security area by focusing purely on check-box compliance and not on protecting customer information," said John Kindervag, an analyst with Forrester Research in New York.
No actual medical information appears to have been stolen, beyond customers' medical identification numbers. Because of that, it doesn't appear that the breach would be covered under HIPAA rules, the 1996 Health Insurance Portability and Accountability Act, which governs the confidentiality and security of medical information.
Anthem discovered the breach last week.
"The FBI is aware of the Anthem intrusion and is investigating the matter," said FBI spokesman Joshua Campbell.
Customers whose information has been stolen should report any suspected instances of identity theft to the FBI's Internet Crime Complaint Center at www.ic3.gov, Campbell said.
Anthem Inc. was previously known as WellPoint Inc. It was formed when Anthem Insurance Company bought WellPoint Health Networks in 2004.
The company has customers in 14 states.
 365 206 100LINKEDIN 18COMMENTMORE                                      end quote from:Millions of Anthem customers alerted to hack