Hackers steal tens of millions of customer records from the US' second-biggest medical insurer


Hackers have stolen tens of millions of customer and employee records from Anthem, the second-largest health insurer in the United States, after they were able to break into a database containing personal information for around 80 million people. Anthem says the hackers were able to obtain names, birthdays, addresses, and Social Security numbers, but it does not appear that medical information or financial details were taken.

Anthem insures about 37.5 million people and offers plans such as Blue Cross Blue Shield in California, New York, and 12 other states. The company says it's not yet sure how many records were stolen, but that the data has not yet appeared on the black market. Thomas Miller, the company's chief information officer, said it wasn't yet clear how the hackers were able to access Anthem's database; David Damato, managing director at the company Anthem hired to investigate the breach, said the attack was "sophisticated" and used advanced custom tools. Hospital operator Community Health Systems, the target of another attack on a health care company last year, believes that the group that targeted it originated in China.

The breach is the latest in a lengthy string of high-profile hacks targeting big corporations. Experian, eBay, Home Depot, and Adobe are among the companies that have lost millions of customer records to hackers. The government's own insurance portal, Healthcare.gov, was also subject to a cyberattack last year in which no personal data was stolen.

Anthem only discovered its breach last week when a systems administrator caught a database query being run under his identification without his knowledge. Federal law gives insurance companies 60 days to report cyberattacks after their discovery, but Anthem made its attack public quickly, in contrast to other companies such as Target, which waited until its investigation was nearing completion before informing customers that their data was in the hands of hackers.