• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Advertise
  • Subscribe

MassDevice

The Medical Device Business Journal — Medical Device News & Articles | MassDevice

  • Latest News
  • Technologies
    • Artificial Intelligence (AI)
    • Cardiovascular
    • Orthopedics
    • Neurological
    • Diabetes
    • Surgical Robotics
  • Business & Finance
    • Wall Street Beat
    • Earnings Reports
    • Funding Roundup
    • Mergers & Acquisitions
    • Initial Public Offering (IPO)
    • Legal News
    • Personnel Moves
    • Medtech 100 Stock Index
  • Regulatory & Compliance
    • Food & Drug Administration (FDA)
    • Recalls
    • 510(k)
    • Pre-Market Approval (PMA)
    • MDSAP
    • Clinical Trials
  • Special Content
    • Special Reports
    • In-Depth Coverage
    • DeviceTalks
  • Podcasts
    • MassDevice Fast Five
    • DeviceTalks Weekly
    • OEM Talks
      • AbbottTalks
      • Boston ScientificTalks
      • DeviceTalks AI
      • IntuitiveTalks
      • MedtechWOMEN Talks
      • MedtronicTalks
      • Neuro Innovation Talks
      • Ortho Innovation Talks
      • Structural Heart Talks
      • StrykerTalks
  • Resources
    • About MassDevice
    • DeviceTalks
    • Newsletter Signup
    • Leadership in Medtech
    • Manufacturers & Suppliers Search
    • MedTech100 Index
    • Videos
    • Webinars
    • Whitepapers
    • Voices
Home » Hackers hit health insurer Anthem in massive cybersecurity breach

Hackers hit health insurer Anthem in massive cybersecurity breach

February 6, 2015 By MassDevice Contributors Network

Hackers hit health insurer Anthem in massive cybersecurity breach

(Reuters) — Hackers have stolen personal information relating to current and former customers and staff of No. 2 U.S. health insurer Anthem Inc., after breaching an IT system containing data on up to 80 million people, the company said late yesterday.

Anthem, which has nearly 40 million customers in the United States, said it had reported the attack to the FBI and cybersecurity firm FireEye Inc. said it had been hired to help Anthem investigate the attack.

"We do confirm that this was done by an advanced group using custom malware," said FireEye spokesman Vitor De Souza, noting that Anthem employees identified the breach, which was limited to a window of a few days.

"We know across the board that when you do see something, you need to act fast", which Anthem appears to have done, De Souza said.

Anthem said in a statement that names, birthdays, social security numbers, street addresses, email addresses and employment information, including income data, had been accessed in what it described as a "very sophisticated attack".

The breach did not appear to involve medical information or financial details such as credit card or bank account numbers, Anthem said, adding it immediately made every effort to close the security vulnerability, which was discovered last week.

FireEye’s De Souza said the breached database contained information from about 80 million individuals, but the extent of stolen data is still unknown, as are the perpetrators and method of the cyberattack.

"That information is a treasure trove for cybercriminals. It can easily be sold on underground markets within hours and used for a wide variety of identity fraud schemes," said Stuart McClure, CEO of cybersecurity firm Cylance Inc.

Cybersecurity has become a major concern both for U.S. firms facing a barrage of attacks as well as insurers trying to figure out how much of that risk they can afford to underwrite.

A high-profile attack against Sony Corp. (TYO:6758) Pictures Entertainment late last year brought the company headlines for everything from pay disparities among its employees to internal critiques about the studio’s own movies.

Other attacks have spooked consumers, with retailers Target and Home Depot both reporting the theft of such personal data as credit card numbers in recent years.

President Barack Obama’s recently proposed fiscal 2016 budget sets aside $14 billion to strengthen U.S. cybersecurity defenses, an increase of 10%.

Security cost

Cylance’s McClure, who has helped healthcare companies respond to previous breaches, said it typically costs health insurers at least $100 per stolen record to clean up this type of cyberattack. If 10 million records were stolen, the costs to respond would likely top $1 billion, he said.

That includes costs for setting up a hotline to answer customer questions, providing credit monitoring services and meeting state and federal government disclosure requirements.

Security experts say cybercriminals are increasingly targeting the $3 trillion U.S. healthcare industry, which has many companies still reliant on aging computer systems that do not use the latest security features.

One of the largest U.S. hospital operators, Community Health Systems Inc, last year said Chinese hackers had broken into its computer network and stolen the information of 4.5 million patients.

The percentage of healthcare organizations that have reported a criminal attack rose to 40% in 2013 from 20% in 2009, according to an annual survey by the Ponemon Institute think-tank on data protection policy.

Anthem spokeswoman Kristin Binns said the company has doubled its spending on cybersecurity over the past 4 years. The health insurer had 37.5 million medical members as of the end of December.

"This attack is another reminder of the persistent threats we face, and the need for Congress to take aggressive action to remove legal barriers for sharing cyber threat information," U.S. Rep. Michael McCaul, a Republican from Texas and chairman of the Committee on Homeland Security, said in a statement late yesterday.

Medical identity theft is often not immediately identified by patients or their provider, giving criminals years to milk such credentials. That makes medical data more valuable than credit cards, which tend to be quickly canceled by banks once fraud is detected.

Anthem said it would send a letter and email to everyone whose information was stored in the hacked database. It also set up an informational website, www.anthemfacts.com, and will offer to provide a credit-monitoring service.

Connecticut and New York prosecutors reached out to Anthem today, with Connecticut attorney general George Jepsen asking Anthem CEO Joseph Swedish to provide detailed information about the cyberattack, the company’s security practices and privacy policies by March 4, according to a letter obtained by Reuters.

A representative for New York attorney general Eric Schneiderman said his office had contacted Anthem to discuss protecting its customers in wake of the data breach.

And President Barack Obama’s cybersecurity adviser said today that he was concerned about the breach.

"Obviously it’s quite concerning that we would have yet another intrusion of this size," Michael Daniel said at a seminar organized by Bloomberg Government.

"It’s particularly disturbing especially when it hits that many people," Daniel said, advising affected consumers to change their passwords and monitor their credit scores.

Daniel declined to comment further on the breach, which is under investigation by the FBI.

Filed Under: News Well Tagged With: Anthem Inc., Cybersecurity

More recent news

  • Neuralink files to raise $649M in new equity offering
  • BofA: Surgical robot remanufacturing not a major setback for Intuitive
  • InspireMD wins CE Mark approval for CGuard Prime
  • Philips reports first cases for VeriSight Pro 3D ICE catheter in Europe
  • Ceryx Medical raises $15M to support bioelectronic pacemaker

Primary Sidebar

“md
EXPAND YOUR KNOWLEDGE AND STAY CONNECTED
Get the latest med device regulatory, business and technology news.

DeviceTalks Weekly

See More >

MEDTECH 100 Stock INDEX

Medtech 100 logo
Market Summary > Current Price
The MedTech 100 is a financial index calculated using the BIG100 companies covered in Medical Design and Outsourcing.
MDO ad

Footer

MASSDEVICE MEDICAL NETWORK

DeviceTalks
Drug Delivery Business News
Medical Design & Outsourcing
Medical Tubing + Extrusion
Drug Discovery & Development
Pharmaceutical Processing World
MedTech 100 Index
R&D World
Medical Design Sourcing

DeviceTalks Webinars, Podcasts, & Discussions

Attend our Monthly Webinars
Listen to our Weekly Podcasts
Join our DeviceTalks Tuesdays Discussion

MASSDEVICE

Subscribe to MassDevice E-Newsletter
Advertise with us
About
Contact us

Copyright © 2025 · WTWH Media LLC and its licensors. All rights reserved.
The material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with the prior written permission of WTWH Media.

Privacy Policy