Tag Archives: Anthem Blue Cross

Breach Brief – Anthem Incorporated

In one of the largest data breaches in corporate history, Anthem medical insurers lost the information of more than 80 million customers, including the company’s CEO. The information stolen includes names, birthdays, medical IDs, Social Security numbers, street addresses, email addresses, employment information and income data.

Anthem is the second-largest health insurer in the United States. The company offers insurance plans that include Anthem Blue Cross, Anthem Blue Cross and Blue Shield, Amerigroup and Healthlink.

The company reported it has found no evidence that credit card or medical information was compromised. While damage is still being assessed, the compromised database contained up to 80 million customer records.

Anthem has promised to notify all current and former customers individually if their data has been stolen. The company began the process of notifying customers of the breach as early as late Wednesday. Customers affected by the breach will receive free credit monitoring and identity protection services.

In a statement company CEO Joseph Swedish admitted that his information was also lost in the data breach. “Anthem’s own associates’ personal information, including my own, was accessed during this security breach. We join you in your concern and frustration, and I assure you that we are working around the clock to do everything we can to further secure your data.”

According to the company, the breach resulted from a “very sophisticated external cyber attack.” The company added that law enforcement agencies were investigating to identify the perpetrator. The company has hired Mandiant, a leading cybersecurity firm, to help in the investigation.

The Federal Bureau of Investigation said that it was aware of the intrusion and was investigating the matter. 

Anthem has created a website for its current and former customers to get information about the incident at www.AnthemFacts.com. They can also call 877-263-7995.

ALERT! CareFirst Health Insurance Hacked…Last June ALERT!

According to a Wall Street Journal report, Washington, D.C.-based not-for-profit health insurer CareFirst BlueCross BlueShield announced Wednesday it had suffered a major data breach…last June!

The data breach was announced Wednesday, after cyber security firm FireEye completed its review of the attack late last week.

Hackers targeted and gained access to the personal information, including birth dates, names, email addresses and subscriber information, of over one million of its customers.

“This breach provides further evidence that cyber security defenses in the healthcare industry are still one step behind sophisticated hackers. The first question to ask is: was the compromised database properly encrypted? Encryption is widely recognized as a best practice and it is vitally important for a company like CareFirst, which is handling sensitive patient information. Healthcare companies are prime targets for hackers,” Greg Kazmierczak, CTO of Wave Systems, told DC Inno.

CareFirst, along with Anthem Insurance and Primera BlueCross, becomes the third major health insurer this year to report a data breach. CareFirst has hired FireEye to investigate the breach and mitigate the damage.

“The intrusion was orchestrated by a sophisticated threat actor that we have seen specifically target the health-care industry over the past year,” FireEye said in a statement.

A representative of CareFirst stated that the compromised database “contained no member Social Security numbers, medical claims, employment, credit card or financial information.” The insurer also stated that when it first detected the attempted attack last April, it believed it had been successful in deflecting the infiltration.

But criticism of CareFirst has already begun. “Not only should the database have been encrypted, but access to the database should have been protected by 2-factor authentication. By having multiple identifying factors, it is dramatically harder for a hacker to gain entry into this type of database. While CareFirst stated that social security numbers and credit cards were not held in the database, access to names, birth dates, and email addresses can lay the groundwork for future intelligence gathering and cyber intrusions. Without strong encryption and access management, expect medical fraud and identity theft to run unchecked,” Kazmierczak said.

Breaking It Down

This is simply another sign of sloppy data handling by a major company. This should have never happened to CareFirst. But what do you expect when you have absolutely poor data security standards in the health care industry? Another sad fact is that the company experienced this data breach last year but is just announcing it now. That’s why we have to have a national data breach standard law and we need it now! CareFirst is trying to make its customers feel better by saying no information such as Social Security numbers, medical claims, employment, credit card or financial information was in the database. So what! The information that was there is enough for a cyber criminal to use to hijack an email account, launch a phishing campaign, or even steal an identity. With the information they did get they can get the rest. As for black people who ask “what does that mean to me?” I just told you.

ALERT! Anthem Insurance Hacked ALERT!

Anthem Health Insurance, formerly known as WellPoint and owner of the famed BlueCross BlueShield service, reported today that hackers had penetrated its computer network, gaining access to a treasure trove of customer and employee information, including that of company CEO Joseph Swedish.

Anthem is the nation’s second-largest health insurer, covering nearly 37 million people. The company said it was contacting customers impacted by the “very sophisticated” cyberattack and was working to figure out how many of its customers are at risk due to the hack.

Anthem reported that the hackers gained access to customers’ names, birth dates, email addresses, employment details, Social Security numbers, income information and street addresses of people who are currently covered or have been covered in the past.

The Indianapolis-based insurer said credit card information was not lost and it has no evidence that medical information, insurance claims or test results were targeted or obtained.

The insurer admits that all of its product lines were affected including Anthem Blue Cross, Blue Cross and Blue Shield of Georgia, Empire Blue Cross and Blue Shield and Amerigroup. 

Anthem sells mainly private individual and group health insurance and dental and vision coverage. It also sells plans on the public insurance exchange and Medicare and Medicaid. 

Anthem is working with the FBI to investigate the attack and the company has hired Internet security company Mandiant to bolster its network defenses. The insurer will provide free credit monitoring and identity protection services.

The FBI urged Anthem customers contacted by the insurer to report suspected instances of identity theft.

Breaking It Down

Another sophisticated attack with millions of identities lost. There are a few things you need to pay careful attention to in this news story because I smell what the bull left in the yard.

First of all a company of this size has the methods and the budget to protect customer information from any attack no matter how sophisticated. I’m betting it was some failure on their part that this happened and if you watch the news in the next few weeks it will come out. I promise you that!

Second, who cares if the CEO’s information was lost? Thirty-seven million people are at risk from this attack and Anthem thinks it makes a difference that the CEO is one of them. Tell him I said welcome to the club! And who gives a damn if no insurance records or insurance claim information or credit card information were compromised? If I read the reports right, what was lost included customers’ names, birth dates, email addresses, employment details, Social Security numbers, income information and street addresses of people who are currently covered or have ever been covered! So what else does the hacker need? The person or persons took exactly what they wanted and have no need for the rest of that crap!

Finally, when this type of attack is revealed then the FBI should be looking at the company as being criminally negligent in the protection of your data. Why? Because as the customer who lost this sensitive information, you can’t do a damn thing to them! Let me make sure you understand this. The courts have ruled you can’t sue for any compensation for your lost information unless you can prove some harm came to you as a result of the loss. So you need to go through the hell of finding out someone stole your identity, bought a house and car, took a vacation to Fiji and stuck you with the bill. Then you can get a lawyer and file a lawsuit and go up against a major corporation with a multi-million dollar legal budget to fight you. I told you, I smell what the bull left in the yard!