Anthem, the second largest health insurer in the United States, disclosed yesterday that the company suffered a massive cyberattack, affecting as many as 80 million customers.
A treasure trove of data was collected by the hackers, according to Anthem CEO Joseph Swedish, including names, birthdays, medical IDs, Social Security numbers, street addresses, e-mail addresses and employment information, including income data. The Anthem attack is the largest cyberattack on a health-care provider ever and the third-largest breach since 2012.
Earlier today, Bloomberg reported that the attack may have originated from Chinese state-sponsored hackers. According to Bloomberg, this is just one in a series of attempts to gain entry into the lives, and computers on a group of Americans -- defense contractors, government employees, and others.
As for the actual attack, the Wall Street Journal writes that it was particularly “sophisticated” and instead of using easily accessible tools (well...easily accessible for hackers), the attackers used a customized program, further supporting the theory that this was a highly targeted attack. The Anthem cyber attack seems different than the Target hack we wrote about last year.
While the hack was discovered last week, and despite Anthem’s swift response, the hack has affected millions of Americans. However, no credit card information was stolen, according to reports. But that doesn’t mean that there isn’t a way for fraudsters to use this information for financial gain -- for example, via "muling". Using Social Security numbers and other personal data, hackers could steal their victims’ identity and proceed to conduct phishing attacks. With personal information, hackers can do a lot of damage to a customer’s bank account.
These hacks are becoming more and more common -- since last year, Home Depot, Target, and JP Morgan Chase have all been hacked, resulting in the loss of sensitive customer data. While companies are getting better about responding to hacks (i.e. Anthem’s quick disclosure) which limits the damage of the attack, it's important to have safeguards in place before to prevent such a disastrous attack.