On January 6, 2017 the California Department of Insurance released the examination findings and settlement agreement concerning the breach of health insurance giant, Anthem Inc., which compromised 78.8 million consumers’ records. Investigators concluded with a “significant degree of confidence” that the cyber attacker was acting on behalf of a foreign government. They did not identify the government.
“This was one of the largest cyber hacks of an insurance company’s customer data,” said Insurance Commissioner Dave Jones. “Insurers have an obligation to make sure consumers’ health and financial information is protected.” He went on to state, “Insurers and regulators alone cannot stop foreign government assisted cyber attacks. The United States government needs to take steps to prevent and hold foreign governments and other foreign actors accountable for cyber attacks on insurers, much as the President did in response to Russian government sponsored cyber hacking in our recent presidential election. ”
Anthem, Inc – the nation’s second largest health insurer – originally disclosed in February, 2015 that criminal hackers broke into its servers and stole more than 78 million consumer’s protected health information, including records of at least 12 million minors.
The investigation revealed the data breach began on February 18, 2014, when a user within one of Anthem’s subsidiaries opened a phishing email containing malicious content. Opening the email permitted the download of malicious files to the user’s computer and allowed hackers to gain remote access to that computer and at least 90 other systems within the Anthem enterprise, including Anthem’s data warehouse.
The California Department of Insurance said Anthem has agreed to make $260 million in improvements to its information security systems. It will also provide credit protection to consumers whose information was compromised.
If you were a current or former Anthem member, or a customer of their large group of subsidiary companies during the time of the breach, your records may have been one of the 78.8 million stolen. At this point, it is unlikely that identity theft or fraud occurred that you are not yet aware of. However, it is always important to remain vigilant by reviewing account statements and monitoring credit reports. You may also still enroll in Anthem’s credit monitoring program offered by AllClear ID free of charge to you through February 2017.
As an employee of an organization of any size, let this and other similar stories be a reminder that it only takes one employee to expose business and consumer data to hackers.
Breadcrumb is a cyber security and executive advisory firm that assists organizations throughout the U.S. Contact us today for a no-obligation consultation.
Author: Brian Horton, CEO