Anthem, Inc., one of the largest health care companies in the United States, reported late on Wednesday that its computer systems have been targeted in a “very sophisticated external cyber attack.”
According to Joseph R. Swedish, president and CEO of Anthem, the attackers gained access to names, dates of birth, medical IDs/social security numbers, addresses, email addresses, and employment information (including income data) belonging to current and former members.
There is no evidence to suggest that credit card details and medical information, such as claims, test results or diagnostic codes, have been accessed by the attackers. The company has taken steps to close the security hole exploited by the malicious actors, Swedish said in a statement.
Anthem, formerly known as WellPoint, serves nearly 69 million customers through its affiliated companies, according to the organization’s official website. The health insurer is still trying to determine precisely how many of its customers have been impacted, but it appears the breach affects all product lines.
The list of affected plans includes Anthem Blue Cross, Anthem Blue Cross and Blue Shield, Blue Cross and Blue Shield of Georgia, Empire Blue Cross and Blue Shield, Amerigroup, Caremore, Unicare, Healthlink, and DeCare.
The FBI has launched an investigation and FireEye-owned security firm Mandiant has been called in to evaluate Anthem’s systems.
“Anthem is working closely with federal law enforcement investigators. At this time, no one person or entity has been identified as the attacker,” the firm said in an FAQ published on anthemfacts.com, a website set up following the hack attack.
Impacted individuals will receive a letter in the mail and they will be offered identity protection and credit monitoring services free of charge. Members who have questions about the incident are advised to call 1-877-263-7995.
Experts advise affected customers to keep an eye out for emails or calls regarding this incident since they are most likely fraudulent.
“Kudos to Anthem for announcing they will notify the affected customers via mail – that is much harder to spoof. Nonetheless, be on the lookout for potentially fraudulent requests for information requested by mail – remember, the criminals have mailing information, as well. Trust, but verify,” said Dwayne Melancon, CTO of Tripwire.
“Constant vigilance is the watchword for cybersecurity, and this breach demonstrates that any company with information of value can be a target – not just those with credit card numbers. Regardless of the sector, the precautions are consistent – understand what software and systems you have, configure them securely, and understand how they’re vulnerable,” Melancon told SecurityWeek. “And since the threat landscape changes constantly, enterprises must be able to continuously evaluate where they stand and fix security holes as soon as they find them. That can be difficult for any organization, and giving attackers the smallest foothold can result in huge consequences.”

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
