The second biggest health insurer in the US, Anthem Inc., has suffered a breach to its database that contains personal information for around 80 million customers and employees, reports Reuters.
Medical records and financial details appear not to be in danger, but the company said hackers may have gained access to names, birthdays, social security numbers, street addresses, email addresses and employment data. While the true extent of the hack is still being determined, it's likely to be the biggest data breach ever disclosed by a health insurance company.
Anthem described the hacking as a "very sophisticated attack," and the company said it immediately reported it to the FBI and hired a security firm to help with its investigations. Anthem's chief information officer, Thomas Miller, said the company isn't yet sure how the perpetrators were able to access the database, but it appears to be the only breach to Anthem's systems, reports the Wall Street Journal.
It appears that the malicious software used by the hacker was customized – often a tell-tale sign of an advanced cybercriminal.
Anthem will send a letter and, where possible, an email to everyone whose information was stored in the database. According to Bloomberg, it will also be offering customers free credit and identify-theft monitoring services.
This is not the first time security in the healthcare sector has been called into question, following an attack on Community Health Systems last August which affected 4.5 million patients. We Live Security's senior security researcher Stephen Cobb recently examined the state of healthcare IT security, concluding, "unless attitudes change and numbers improve, and unless our government decides to get serious about reducing cybercrime, the outlook is stormy at best."
As reported by We Live Security this week, the White House has proposed a 10 percent increase in cybersecurity spend for the 2016 fiscal year.