Breach of Health Insurer Exposes Sensitive Data of Millions of Patients


Apparently the data breaches of Target, Sony, Home Depot and a host of others weren’t sufficient to convince Anthem to encrypt patient Social Security numbers.


The health insurer, billed as the second largest in the country, announced late Wednesday that it had suffered a breach that may have exposed data on as many as 80 million current and former customers, including names, Social Security numbers, birth dates, addresses and income data. Data for employees of Anthem Blue Cross were also in the database the hackers breached. The company said it believed no medical information was accessed.


“Safeguarding your personal, financial and medical information is one of our top priorities,” the company said in a statement posted online, “and because of that, we have state-of-the-art information security systems to protect your data.”


It seems that state-of-the-art security system didn’t involve encrypting Social Security numbers and birth dates—two pieces of information that are highly valuable to identity thieves.


The company said it would provide credit monitoring and identity protection services free of charge to those who were affected. Anthem discovered the breach last week and is still investigating the number of people whose data was accessed, but a spokeswoman told USA Today that she believes it numbers in the “tens of millions.”


The kind of information stolen does not fall under HIPAA, the Health Insurance Portability and Accountability Act, which is the federal law governing the security of medical data. But Anthem is likely to face lawsuits for not encrypting Social Security numbers.


It’s not the first time Anthem has been in trouble for exposing patient information. In 2012 Anthem Blue Cross settled a lawsuit brought by California Attorney General Kamala Harris over a complaint that the company exposed the Social Security numbers of 33,000 health plan members when it sent letters to them with their Social Security numbers clearly visible through windows in the envelopes. The following year the company had to notify an undisclosed number of doctors and other health care providers after it exposed their Social Security numbers in a document posted to the company’s web site.


The FBI issued an alert to the healthcare industry last August warning providers that hackers were targeting them after a hospital group called Community Health Systems was hacked, resulting in data on some 4.5 million patients being stolen.


