More than 80 million people may have had their personal information stolen in a massive hack attack at health insurance giant Anthem.
In what security analysts believe is the biggest cyber theft in the history of the healthcare industry, the FBI fears that patients’ identities will be sold to crooks to be used in a variety of crimes.
Names, dates of birth, member IDs and Social Security numbers, addresses, phone numbers, email addresses and employer information may all have been compromised in the leak.
Anthem is one of the nation’s biggest healthcare providers and offers Blue Cross Blue Shield plans in California, New York and about a dozen other states.
Anthem says it is working around the clock to identify members and groups affected in the breach.
Customers with questions can call (877) 263 7995 or go online at http://www.anthemfacts.com.
Here’s what you need to know about the Anthem cyber hack:
1. Anthem Was Fined $1.7 Million in 2010 For Major Cyber Breach
Hackers gained access to accounts including Blue Cross Blue Shield patients from all states who sought care in Anthem’s coverage areas. Those affected could include workers at large employers who use Anthem, people enrolled in Medicaid managed-care plans and individual policyholders.
Information on patients’ children was also taken, say the company.
Now it has emerged that Anthem was fined $1.7 million for a 2010 computer leak that resulted in information concerning about 612,000 people being disclosed. At the time, says USA Today, Anthem was known as WellPoint.
The FBI warned the healthcare industry last April that the sector was particularly vulnerable to hackers seeking details of patients’ medical records and health insurance data. The FBI said the systems were much more vulnerable than the banking and retail sectors.
Doctors, hospitals and insurance brokers were not hacked and there is no evidence that credit card and confidential health information was exposed.
2. It’s Worse Than The Hack Attacks on Target And Home Depot
Stealing medical identities along with personal information such as SS numbers, addresses and IDs poses much more of a threat than the hacks on major store chains because thieves are able to use the information to act like the customer, security expert Tony Anscombe of AVG Technologies, told the Los Angeles Times.
Anscombe says customers should monitor their credit reports to ensure nobody is taking out a line of credit or a loan using their identity.
3. Anthem Did Not Encrypt Social Security Numbers of Customers
According to the Wall Street Journal, Anthem stored the Social Security numbers of 80 million customers without encrypting them.
Scrambling the information would have made it much harder for the thieves to access the data, but would also have made it harder for Anthem staff to share details within the company.
If you use the same email and password with Anthem as with other online accounts like banks and retailers it’s important to change them immediately so the hackers cannot gain access, say security experts.
4. China May Have Been Behind The Cyber Breach
Anthem believes the hackers used a stolen employee password to get into its database.
Although there is no proof, experts believe the attack may have originated from China. Investigators say the malware used in the breach have been used in the past almost exclusively by Chinese cyberspies, said the Wall Street Journal.
A Chinese Embassy spokesman in Washington insisted that cyber crime was prohibited and claimed “unfounded hypothesis and jumping to conclusions” was irresponsible.
5. Thieves May Apply For Jobs Using Your Identity
With information gleaned from Anthem, thieves could:
1. File for tax refunds under your name.
2. Open new credit cards with your information.
3. Apply for a loan or line of credit.
4. Apply for a job using your identity, particularly if they have a criminal record that would prevent them finding work.
5. Get medical treatment with your identity and file fraudulent medical claims.