Anthem: Cyberattack Affected Personal Data of 78.8M Individuals
February 25, 2015 in News
On Tuesday, Anthem officials said the database that was recently accessed during a cyberattack contained the personal information for 78.8 million individuals across the U.S., the Wall Street Journal reports (Wilde Mathews, Wall Street Journal, 2/24).
Earlier this month, Anthem announced that hackers had accessed a database containing the personal information of its customers, former customers and employees.
The cyberattack could be the largest ever reported by a health care company and one of the largest breaches of customers’ personal information. The largest previously known data breach attributable to a cyberattack occurred last year, when Community Health Systems announced that an external group of hackers stole the non-medical data of 4.5 million patients (iHealthBeat, 2/5).
According to Modern Healthcare, the breach exposed the records of members in 14 Anthem Plans and 42 non-Anthem Blue plans, including some in Puerto Rico (Conn, Modern Healthcare, 2/23).
Anthem said records for about 14 million individuals were incomplete, and the company is unable to identify where they enrolled (Wall Street Journal, 2/24).
Anthem said that the breach included individuals’:
- Dates of birth;
- Social Security numbers; and
- Other personal data (Terhune, Los Angeles Times, 2/24).
However, the company said the breach does not appear to have affected individuals’ medical or financial data. In addition, Anthem said there is no evidence that the accessed data are being sold online (Wall Street Journal, 2/24).
FBI Close To Identifying Hackers, Officials Say
Meanwhile, the FBI on Tuesday said it is close to identifying the hackers responsible for the Anthem cyberattack, Bloomberg reports.
Joseph Demarest, assistant director of FBI’s cybercrime division, said the FBI is currently tracking 60 groups supported by foreign governments. Of those hacking groups, the majority are from China.
According to Bloomberg, the FBI is still determining whether it will publicly reveal information about the hackers.
Demarest said, “If you’re going to be calling out nations or actor sets, you’ve got to be willing to provide some of the technical findings,” noting that doing so sometimes is “almost impossible without giving up or compromising current ongoing efforts to understand those actors” (Strohm, Bloomberg, 2/24).