Anthem, the second biggest health insurer in the US, has been hit by a major cyber-attack which may have exposed sensitive data including the social security numbers of tens of millions of Americans.
President and CEO Joseph Swedish revealed in an open letter that former as well as current customers and employees were affected, with the firm currently in the process of notifying individuals. The firm is said to have around 70 million customers.
He explained:
“These attackers gained unauthorized access to Anthem’s IT system and have obtained personal information from our current and former members such as their names, birthdays, medical IDs/social security numbers, street addresses, email addresses and employment information, including income data. Based on what we know now, there is no evidence that credit card or medical information, such as claims, test results or diagnostic codes were targeted or compromised.”
According to an FAQ posted to the Anthem site, those signed up with the following plans/brands are at risk: Anthem Blue Cross, Anthem Blue Cross and Blue Shield, Blue Cross and Blue Shield of Georgia, Empire Blue Cross and Blue Shield, Amerigroup, Caremore, Unicare, Healthlink, and DeCare.
As has become the norm in such cases, Anthem has agreed to provide credit monitoring and identity protection services free of charge to its customers. Those who want to find out more can call toll-free on 1-877-263-7995.
Swedish revealed the health giant has enlisted the help of Mandiant as it looks to investigate and remediate in the wake of the attack. The FBI is also investigating, he said.
The firm will most likely be in for a fairly large bill. Sony Pictures revealed on Wednesday that it will pay in the region of $15m just for investigation and remediation following a destructive cyber-attack late last year.
The movie giant also enlisted the help of Mandiant.
As of yet there’s no further information on who might be responsible for the attack and how they infiltrated Anthem’s network, although an educated guess would be that financially motivated cyber-criminals had something to do with it.
Check Point UK managing director, Keith Bird, warned that any stolen data is likely to be recycled by cyber gangs in phishing emails designed to trick users into revealing bank account and other details.
“For the attackers, it’s just a numbers game, but it could have serious consequences for customers,” he argued.
“Phishing emails continue to be the most common source for social engineering attacks, so customers should be suspicious of any email or even phone call that relates to the breach.”