Up to 80 million customers had their account information stolen in a huge data breach at Anthem Inc., the second largest health insurer in the country, the company’s CEO said in a statement Wednesday.
It could turn out to be the largest data breach of a health-care company in history, according to the Wall Street Journal. It’s unclear how many people have been affected, but between former and current customers and employees, as many as 80 million are at risk. Anthem is the largest for-profit insurer that carries Blue Cross Blue Shield health plans.
“Despite our efforts, Anthem was the target of a very sophisticated external cyber attack,” Anthem CEO Joseph Swedish said in a statement posted on Anthem’s website. “These attackers gained unauthorized access to Anthem’s IT system and have obtained personal information from our current and former members such as their names, birthdays, medical IDs/social security numbers, street addresses, email addresses and employment information, including income data.”
Swedish maintained that “there is no evidence” that credit card and medical information was stolen.
After discovering the attack last week, the company “immediately made every effort to close the security vulnerability” and contacted the FBI. The company also hired Mandiant, a top cybersecurity firm, to analyze Anthem’s systems. Anthem chief information officer Thomas Miller told the WSJ that they don’t yet know how the hackers accessed the identification information that allowed them to enter the company’s database.
Miller said investigators traced the stolen data to a Web-storage service and froze the information, but are not yet sure whether hackers had already moved it. It’s not clear whether the FBI has any suspects at this time.
“We join you in your concern and frustration, and I assure you that we are working around the clock to do everything we can to further secure your data,” Swedish said.
Cybersecurity threats are a growing problem for the health care industry. One of the largest hospital systems in the country, Community Health Systems, was hacked last fall by Chinese hackers, investigators believe, and 4.5 million hospital patients had personal data stolen.
But that breach pales in comparison to the 80 million customers at risk in Anthem’s data breach — as do most incidents in recent history. Data breaches at Home Depot and Target affected 56 million and 40 million customers’ credit card information, respectively. It could also be larger than the J.P. Morgan data breach in 2014, when contact information for 76 million customers was stolen.