Hack of health insurer Anthem puts data of millions at risk

The personal information of current and former members and employees were accessed in what may be the largest ever data breach involving a US health insurer.

Steven Musil Night Editor / News

Steven Musil is the night news editor at CNET News. He's been hooked on tech since learning BASIC in the late '70s. When not cleaning up after his daughter and son, Steven can be found pedaling around the San Francisco Bay Area. Before joining CNET in 2000, Steven spent 10 years at various Bay Area newspapers.

Expertise I have more than 30 years' experience in journalism in the heart of the Silicon Valley.

See full bio

Steven Musil

Feb. 4, 2015 10:29 p.m. PT

2 min read

Tens of millions of member and employee records may have been exposed. CNET

Anthem, the No. 2 health insurer in the US, revealed Wednesday that hackers had broken into its servers and stolen the personal information of as many as 80 million current and former members and employees.

In a note to customers Wednesday, Anthem CEO Joseph Swedish said the company was the target of a "very sophisticated external cyber attack" that compromised names, dates of birth, member ID, Social Security numbers, addresses, phone numbers, email addresses and employment information. He said there was no evidence, however, that any credit card or medical records had been exposed.

Anthem, which was formerly known as WellPoint and tallies 37 million current members, said it immediately moved to close the security vulnerability and was working with the FBI to determine the extent of the breach. A spokesperson told the Wall Street Journal that it believed "tens of millions" of records were exposed, likely making it the largest data breach involving a US health insurer.

Swedish, who said that his own personal data was exposed during the intrusion, said the company will individually contact everyone whose information was accessed in the hack. The company also said it will provide free credit monitoring and identity protection services for those affected.

An Anthem representative declined to comment beyond the statement posted to its website.

Anthem's security breach could rank among the largest emerging during a recent uptick in hacks. In September, Home Depot revealed that 56 million unique credit cards were put at risk of theft as a result of a security breach at the home improvement store. In 2013, hackers obtained credit card data of 40 million Target customers and the personal information for an additional 70 million customers. Arts and crafts retail chain Michaels Stores, department store Neiman Marcus and restaurant chain P.F. Chang's have also revealed security breaches aimed at stealing customers' credit card information.

Law enforcement began warning healthcare industry companies last year that they may face an increased risk of data breach attacks. Following a hack on US hospital group Community Health Systems in August, the FBI issued a flash warning to companies that it had observed "malicious actors targeting healthcare related systems," perhaps for the purpose of obtaining healthcare information or personal identification information, according to Reuters.