Health insurer Anthem says database of customer, employee info hacked

NEWYou can now listen to Fox News articles!

Anthem, the second-largest health insurance company in America, said late Wednesday that a database containing personal information of approximately 80 million of its customers and employees had been hacked.

The cyber breach, which occurred last week, was first reported by The Wall Street Journal. The paper reported that investigators were still investigating the extent of the incursion, though Anthem said it was likely that "tens of millions" of records were stolen. Anthem also said the breach exposed names, addresses, birthdates, Social Security numbers, email addresses and employment details -- including income.

However, the insurer did say that credit card information was not compromised and added that it has found no evidence that that medical information such as insurance claims and test results was targeted or obtained.

The attack is the latest in series of hacks targeting high-profile corporations. Previous victims have included retailers like Target and Home Depot, banks like J.P. Morgan & Chase and entertainment conglomerate Sony Pictures.

Anthem said it had detected the breach itself and would notify affected customers via letter and e-mail. The insurer said it would also set up a information website and offer a credit-monitoring service.

More On This...

    The early public disclosure is a departure from the tactics of previous victims like Target, which was heavily criticized for not reporting breaches soon enough.

    "This attack is another reminder of the persistent threats we face, and the need for Congress to take aggressive action to remove legal barriers for sharing cyber threat information," Rep. Michael McCaul, R-Texas, chairman of the House Homeland Security Committee, said in a statement late Wednesday.

    Security experts told that health data is extremely attractive to criminals.

    “Every crime needs motive and opportunity. The motive is that PHI [Personal Health Information] can be monetized - theft of service, identity or medical and financial fraud,” explained Rob Sadowski, director of technology solutions at security specialist RSA, in an email. “The opportunity is that more health data is becoming digital, is being shared more broadly across networks, and providers aren't well prepared to defend against sophisticated attackers who are increasingly seeking this data.”

    “Healthcare records are much more valuable than credit card information,” added Nat Kausik, CEO of cloud security company Bitglass. “This is because while credit cards can be quickly cancelled, healthcare records contain social security numbers, addresses, phone numbers, family members, income info, and employment information that allows cyber criminals to assume the identity of its victims for committing insurance fraud, prescription fraud, and signing up for new accounts including credit cards.”

    Matt Cullina, CEO of identity protection specialist IDT911, told that the Anthem hack highlights the importance of extensive cyber security planning.

    “With high legal costs and the risk of business losses, companies should determine whether their existing systems will fend off the impact cyberattacks have on their security as well as bottom line,” he wrote, in an e-mail.

    This story has been updated with comments from security experts. SciTech Editor James Rogers and The Associated Press contributed to this report.

    Click for more from The Wall Street Journal.