
Anthem latest victim of hackers due to lack of encryption, 80 million customers affected

Feb 6, 2015 // Andrew Stroup

Anthem, a giant insurance corporation, was recently attacked by hackers who stole 80 million customers’ personal data. The kicker to this attack was that the stolen data wasn’t encrypted, despite numerous health information standards and laws meant to protect patient information.

Customer data stolen included Social Security numbers, email addresses and other personal information.

One of the most common healthcare laws, the Health Insurance Portability and Accountability Act (HIPAA), doesn’t require health care companies to encrypt patients’ personal information. According to reports by the Wall Street Journal, Anthem only “encrypts personal data when it moves in or out of its database but not when it is stored, which is common in the industry.”

Anthem released a statement saying it was “the victim of a sophisticated cyber attack.”

“These attackers gained unauthorized access to Anthem’s IT system and have obtained personal information from our current and former members such as their names, birthdays, medical IDs/social security numbers, street addresses, email addresses and employment information, including income data,” Anthem CEO Joe Swedish said via a statement on the company web site. “Based on what we know now, there is no evidence that credit card or medical information, such as claims, test results or diagnostic codes were targeted or compromised.”

Additionally, Anthem said impacted members will receive “free credit repair and ID protection services.”

Anthem operates Blue Cross and Blue Shield plans in 14 states, making it the nation’s second-largest health insurer.