Slashdot Mirror

← Back to Stories (view on slashdot.org)

Anthem's Historic Data Breach: What We Still Don't Know 2 Years Later (axios.com)

Posted by msmash on from the holding-accountable dept.

In February 2015, health insurer Anthem said its database had been compromised, exposing personal information for 78.8 million people, including 60 million to 70 million of its current and former customers and employees. Two years later, much of how it happened, who did it, and what consequences Anthem will face remain unanswered. From a report: Anthem has not disclosed the value of its cyber insurance policy, which defrays some of the costs. The hackers were most likely working on behalf of a foreign government. Many security experts believe it was China, but that has not been proven yet. The FBI would not comment on the pending investigation. It's unclear if Anthem will face a federal penalty. It's by far the largest health care data breach, and the Department of Health and Human Services has imposed fines in the past. We don't know for sure that Anthem was fully protected from this type of attack, and a separate federal agency that had a contract with Anthem previously said the insurer did not have controls in place "to prevent rogue devices...from connecting to its networks." Class-action lawsuits are still pending, and fact-finding discovery ended in December. Anthem could escape big damages if people can't show concrete harm.

10 of 25 comments (clear)

  1. with this admin in place by TheGratefulNet · · Score: 1, Insightful

    ie, the US president and how he hates 'regulations', I expect nothing to happen to the company. we have to 'protect' companies, afterall, they are all too big to fail, in the cheeto benito's eyes.

    little guys don't matter. for the next 4 years, we'll see nothing BUT this kind of lack of caring and lack of regulation. no penalties, either.

    but hey, the conservates are STIGGINIT to us. yay conservatives!

    --

    --
    "It is now safe to switch off your computer."
    1. Re:with this admin in place by operagost · · Score: 1

      So what did Obama do about this, again?

      Oh, I know-- totally helpless with that obstinate Republican Congress. Yup, they stole his phone and his pen.

      --

      Gamingmuseum.com: Give your 3D accelerator a rest.
  2. Anthem + OPM = Blackmail by laughingskeptic · · Score: 1

    Disparities between OPM records and medical records (for instance married persons being treated for venereal disease) provides intelligence blackmail targets.

  3. What we still don't know... by FrankSchwab · · Score: 4, Interesting

    As someone who was affected by this breach, I'll tell you what I still don't know.
    I don't know what information about me and my family was disclosed. I don't know whether they got my name and account number, the list of payments they've made, the list of diagnostics codes for each of those payments. or what. When I called to find out, the answer was "our public statements are all the information that I have to give you". Basically, the bad guys know what they got, and Anthem won't tell me.
    It sucks feeling so powerless about control of personal information.

    --
    And the worms ate into his brain.
  4. wishful thinking by Neuronwelder · · Score: 1

    I hope the people who were hit, were the one's who wanted less Corporate regulation!!

  5. Who are those 8+M extra people? by aglider · · Score: 1

    I would like to know who are those 8+M people ("persons") that are neither current not former customers and employees!
    I suspect they also have collected and retained data about prospect-customers, wanna-be employees.
    And I wonder how legal it is!

    --
    Sent as ripples into the electromagnetic field. No single photon has been harmed in the process.
    1. Re:Who are those 8+M extra people? by Bob+the+Super+Hamste · · Score: 1

      I think you may be correct in the "prospect-customers, wanna-be employees". My wife recently got a letter from a school district she applied to before we were married stating that her personal information had been stolen. We think that the information was kept for 16 or 17 years but is at least 15 years old. Personally I am getting really sick and tired of getting the notifications that organization X has had a data breach and as such I will be granted 1 free year of credit monitoring by shit company Y that I already have 5 concurrent monitors from. In a case like the one with my wife they had no reason to still be holding on to that information and should have disposed of it long ago, smells like negligence to me. In the case of the target breach where there were tons of places that had they simply followed basic system security procedures they could have stopped it so again smells like negligence. The problem is that there aren't any real consequences for these companies. Make it so that if you are negligent like in these examples that you have actual damages to pay to individuals. Even making it some value like $100 per individual would go a long way to seeing that proper measures are taken. Maybe make it $100 for regular data loss but losing something an individual's SSN or partial SSN (the last 4 digits are the unique ones the rest can be figured out fairly reliably) it then goes up to $1000 and 10 years of credit monitoring since far too many institutions feel they need SSNs and treat them as the magic number to uniquely identify a person across systems.

      --
      Time to offend someone
  6. Re:The only way this is going to stop by CaptainDork · · Score: 1

    Yeah, privacy is like pulling teeth.

    --
    It little behooves the best of us to comment on the rest of us.
  7. Re:The only way this is going to stop by bondsbw · · Score: 1

    Government identifiers like SSN and DL number need to be replaced. Even then, they should never be used (directly) for non-government purposes.

    We have much better options today. We need to start using them.

    --
    All my liberal friends think I'm a conservative, all my conservative friends think I'm a liberal.
  8. Class-action lawsuits are still pending by NoSalt · · Score: 1

    Ummm ... so does this mean I can sue the federal government (specifically the OPM) for allowing the Chinese to steal my personal information???