Hackers infiltrated Anthem’s information technology system and gained access to the personal information of about 80 million current and former members. It appears to be by far the largest cyberattack ever disclosed by a healthcare company.
In what the Indianapolis-based company described as a “very sophisticated” attack, hackers gained access to the names, birthdays, medical IDs, Social Security numbers, addresses, e-mail addresses, employment information and income data of current and former members, including Anthem employees, according to a letter to customers by CEO Joseph Swedish. The company has no evidence that credit card or medical information, such as claims, test results or diagnostic codes were “targeted or compromised,” Swedish wrote.
The source of the attack is unclear. All product lines were impacted, including Anthem Blue Cross, Anthem Blue Cross and Blue Shield, and Blue Cross and Blue Shield of Georgia, among other brands. Anthem (formerly WellPoint) has 37.5 million members enrolled in its affiliated health plans and serves 68.5 million people through all of its subsidiary businesses, which include Medicaid managed care and claims administration for self-funded plans.