Anthem Inc., the second-largest health care insurance provider in the U.S., announced late Feb. 4 that hackers breached company computers gaining access to customer and employee information, including names, Social Security numbers, addresses and employment data.
Anthem, which has a database containing information for about 80 million people, has not yet officially released how many people were affected.
Related Post: Wellpoint to Rebrand Itself as Anthem
However, the Wall Street Journal reported earlier that number is suspected to be in the tens of millions, which would make this the largest data breach involving a U.S. health insurer so far in history.
Initial investigation indicates credit card numbers as well as medical diagnosis and treatment data were not exposed. As the company examines the security breach, it will be sending letters to affected customers with appropriate next steps.
“We join in your concern and frustration, and I assure you that we are working around the clock to do everything we can to further secure you data,” he wrote.
Anthem said it immediately took steps to close its security vulnerability, including reporting the attack to the FBI and hiring the cybersecurity firm Fire Eye Inc. The company will also be offering free credit card monitoring and identity protection services for those affected.
“The nature of this breach is especially troubling as it strikes at the heart of the individual’s personal information,” said Rep. John Ratcliffe (R-Texas), who chairs the House Subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies.
Related Post: Making the Most of Customer Complaints
Security experts say cyber criminals are increasingly targeting the $3 trillion U.S. health care industry, which is particularly vulnerable because of its reliance on ageing computer systems that do not have the most up-to-date security features.
“This attack is another reminder of the persistent threats we face, and the need for Congress to take aggressive action to remove legal barriers for sharing cyber threat information,” said chairman of the Committee on Homeland Security, Michael McCaul (R-Texas).