Company to email breach notifications, offers free identity protection service to affected individuals

Feb 5, 2015 10:36 GMT

The computer systems of Indianapolis-based company Anthem, one of the biggest players in the health insurance market, have been breached, and sensitive information belonging to present and former customers has been accessed without authorization.

It is not clear when the intruders managed to penetrate the systems of the company or when exactly the attack was detected, but as soon as Anthem learned about the breach, efforts to close the security gap were made and an investigation into the matter was started.

Mandiant is on the case, so is the FBI

Anthem President and CEO Joseph Swedish says that the company fell victim to “a very sophisticated external cyber attack,” which resulted in the exposure of sensitive details such as names, birthdays, medical IDs/social security numbers, street addresses, email addresses, employment and income-related information.

In an official statement released on Wednesday, Swedish says that the investigation, which is being carried out by cyber incident response firm Mandiant, has not shown any evidence that payment card data or medical details have been accessed.

Owned by FireEye, Mandiant has been involved in the investigation of multiple complex cyber-attacks orchestrated by skilled hacker groups, state-sponsored or not, including the recent one affecting Sony Pictures Entertainment.

Anthem also alerted the FBI, which started an inquiry in order to determine the identity of the perpetrators; no one has claimed responsibility, and it is highly unlikely that anyone will, given the value of the database on cybercrime bazaars.

Tens of millions could be affected

According to information from the company, more than 68 million people were served by its affiliate companies, with 37.5 million currently enrolled in family or health plans.

The health care plans impacted by the current breach are Anthem Blue Cross, Anthem Blue Cross and Blue Shield, Blue Cross and Blue Shield of Georgia, Empire Blue Cross and Blue Shield, Amerigroup, Caremore, Unicare, Healthlink, and DeCare.

At the moment, not all affected individuals have been identified, but Anthem says that all of them will be notified about the incident via email. Moreover, the company promises free identity protection services to ensure that customers do not suffer more as a result of the leak.