Anthem, the US’s second-biggest health insurer with about 70 million people on its books across the country, admitted late on 4th February 2015 that it was the target of an external cyber attack.
These attackers gained unauthorised access to Anthem’s IT system and have obtained personal information from our current and former members such as their names, birthdays, medical IDs/social security numbers, street addresses, email addresses and employment information, including income data. Tens of millions of records are likely to have been obtained illegally as a result of the hack, Anthem warned.
Health plans branded Anthem Blue Cross; Anthem Blue Cross and Blue Shield; Blue Cross and Blue Shield of Georgia; Empire Blue Cross and Blue Shield; Amerigroup; Caremore; Unicare; Healthlink; or DeCare, are at risk.
It is not clear when the company’s databases were compromised – just that it was discovered some time last week. Anthem is offering free credit and identity monitoring cover to those affected by the breach.
Up to 80 million Americans (current and ex-insurees) are now being warned that they’re being targeted by scammers who are trying to trick the victims into revealing additional personal information. Scammers are running email phishing campaigns, and even placing phone calls to affected customers, Anthem says.
The identity of the perpetrators hasn’t been disclosed yet. The FBI are investigating. Anthem has engaged Mandiant, a well-known cybersecurity firm, to look into vulnerabilities of its computer system.
An interesting viewpoint from Krebs
Chun’s view
It’s way too soon to speculate on the whys and what happened, only that your organisation is neither too big nor too small to be vulnerable.
Good policies and good housekeeping are the backbone of any ISMS. Having a comprehensive plan to deal with breaches and data loss will go a long way in containment and minimising the damage.