The second largest health insurer in the United Sates Anthem Inc. has reported a cyber-attack with the potential exposure of 80 million customers’ private information. This breach appears to center on personnel information including names, addresses, birthdays, employment information and social security numbers but, according to Anthem, does not include healthcare or credit card information. This was a sophisticated attack, which seems to be happening more often now.
While it’s fortunate that the breach did not expose credit card information, the combination of name, birthday and social security number is actually probably more devastating to individuals. Credit card companies do a great job of monitoring patterns activities on accounts and proactively replace cards that have been exposed. Social security numbers are a lot more valuable for sale on the open market than credit card numbers.
We have become accustomed to hearing about data breaches long after the damage is done and information has been potentially used. In most cases the breach was identified from an outside agency or individual who noticed personal data being used or distributed. While it’s disappointing to hear of another major breach, this being the largest health care breach in history, it’s refreshing to hear of a company who discovered it themselves and proactively notified the public and the potential impacted individuals. They notified customers within a week of the breach and also brought in forensic security experts and contacted the FBI.
Anthem has setup a website with information for their customer about the cyber-attack http://www.anthemfacts.com/.