The country's second-largest health insurance provider suffered a massive cyber attack earlier this month, resulting in the disclosure of millions of customer and employee records. Anthem, Inc. announced the security breach in a public statement, saying hackers had stolen the names, social security numbers, income data, employment data, home addresses and email addresses of 80 million of the company's employees and customers.
“Safeguarding your personal, financial and medical information is one of our top priorities, and because of that, we have state-of-the-art information security systems to protect your data. However, despite our efforts, Anthem was the target of a very sophisticated external cyber attack,” said Joseph R. Swedish, President and CEO of Anthem, Inc. Swedish added that no credit card numbers, debit card numbers, or medical information of patients was compromised during this breach.
Anthem, Inc. was founded in 1940 under the names Mutual Hospital Insurance Inc. and Mutual Medical Insurance Inc. It's currently the largest healthcare provider in the Blue Cross network, insuring an estimated 40 million Americans. Anthem's large size makes this recent cybersecurity breach particularly troubling.
Surprisingly, the data stolen from Anthem, Inc. was NOT encrypted. It's a common assumption that healthcare providers and insurance companies are required to encrypt their data. While the Health Insurance Portability and Accountability Act (HIPAA) encourages data encryption, it's not a requirement. Could the use of encryption prevent future instances of cyber attacks such as the one at Anthem, Inc.? It may not completely prevent the disclosure of information, but it's certainly a step in the right direction.
According to a report published by NOLA.com, the Senate Health, Education, Labor and Pensions Committee said it was planning to examine the addition of encryption as part of HIPAA. There's no word yet on when, or even if, encryption will be required, but there's an undeniable push for greater data security in the healthcare industry.
Anthem, Inc. is in the process of notifying employees and customers who were affected by the breach. Anyone who was affected will have the option to sign up for free identity protection and credit monitoring services, both of which are paid for by Anthem, Inc. The Indianapolis-based healthcare insurance provider has also set up a website with more information on the breach, available at www.anthemfacts.com. The public is encouraged to contact Anthem at 1-877-263-7995 to learn more.