Slashdot Mirror

← Back to Stories (view on slashdot.org)

US Health Insurer Anthem Suffers Massive Data Breach

Posted by timothy on from the news-I-can-use dept.

An anonymous reader writes Anthem, the second-largest health insurer in the United States, has suffered a data breach that may turn out to be the largest health care breach to date, as the compromised database holds records of some 80 million individuals. Not much is known about how the attack was discovered, how it unfolded and who might be behind it, but the breach has been confirmed by the company's CEO Joseph Swedish in a public statement, in which he says they were the victims of a "very sophisticated external cyber attack." The company has notified the FBI, and has hired Mandiant to evaluate their systems and identify solutions to secure them. Swedish said the breach is extensive: the vulnerable data included "names, birthdays, medical IDs/social security numbers, street addresses, email addresses and employment information, including income data," though "no credit card or medical information, such as claims, test results or diagnostic codes were targeted or compromised." (Also covered by Reuters.)

7 of 223 comments (clear)

  1. That's why nobody sensible wants them by 3.5+stripes · · Score: 5, Interesting

    Huge databases full of personal info are gigantic targets, and properly securing them is very very difficult (and what's worse, uneconomical, since most of them are owned by publicly traded companies)..

    Pandora's box is open now, but don't say the tinfoiled warriors didn't warn you..

    --


    He tried to kill me with a forklift!
  2. income data? by SemperUbi · · Score: 3, Interesting

    Why is a healthcare insurance provider collecting income information on the people they insure? That's none of their business. The answer is probably 'just because they can,' but that doesn't mean I have to like it.

  3. SSN as an ID not password by Himmy32 · · Score: 5, Interesting

    Always stuck me as silly that your SSN was supposed to be secret and is used as a password. But you can never change it and you have to give to everyone including companies like this that lose it. Seems like the SSA should also give you a password that you can update that places could authenticate against. That way if you suspect a breach and you could update that number. Something like they you come in verify your identity and give you a new PIN.

  4. Re:Thanks Obama by internerdj · · Score: 4, Interesting

    My congresscritter has managed to vote to repeal ACA 50+ times since it was passed. Got any ideas on how to make him stop? Letter writing didn't help. Voting against him didn't help either.

  5. Re:Thanks Obama by BVis · · Score: 3, Interesting

    Well, that's democracy in its current form for you. In 2010 the GOP got to re-draw congressional districts, and they gerrymandered them in such a way that anyone other than a staunch right-wing Republican will never ever get elected. You could run Jesus against the GOP candidate and it would be close.

    --
    Never underestimate the power of stupid people in large groups.
  6. Notice is 2 Months Late by Cigamit · · Score: 5, Interesting

    Its nice that they notified us today that our information was breached, but the real question is why they didn't notify us sooner.

    They setup a specific website about this breach.
    http://anthemfacts.com/

    The problem to me is that they just now notified us, yet they registered the domain for the breach on 2014-12-13. Which goes to show that they knew about the breach nearly 2 months (or possibly more) before deciding to inform us.

  7. What was the attack vector? by mdecheser · · Score: 3, Interesting

    Has any information been release regarding how the attack was performed?