On Wednesday, Anthem Inc., the second largest health insurer in the nation, announced that its IT system had been hacked and the personal information of millions of present and former customers as well as employees stolen.
No medical or financial information such as credit cards and bank account numbers seem to have been compromised but personal information including birth dates, street and email addresses and employment information including income was stolen.
The company said that immediate steps were taken to close the breach and secure the system, adding that the FBI was informed of the attack and that Cybersecurity firm FireEye Inc. has been hired to aid in the investigation.
The Wall Street Journal reported that the attack was discovered last week and that while the company is unsure of the exact number of people whose information was stolen, Anthem said that it is likely in the tens of millions which would make it the largest attack ever on a health insurer in the country.
Anthem had 37.5 million medical insurance customers as of the end of December.
The company has set up a website, Anthemfacts.com to answer any questions that customers may have and will offer credit-monitoring service to customers who request it. The company has also set up a dedicated toll-free number for current and former customers to call for information.
Identity theft from medical insurers can go undetected for some time, even years, because neither patients or providers may not notice it immediately. This makes medical data particularly attractive to hackers who can often steal more money over an extended time than with a credit card which the bank can and will quickly cancel.
According to cyber security experts this has led to an increasing incidence of attacks on the healthcare industry which is a $3 trillion a year business. The FBI warned of this last August after an attack on Community Health Systems Inc which resulted in the theft of the personal information of millions of patients.
h/t: Huffington Post