Hackers have broken into a database at the second-largest health insurer in the US, which reportedly contains the personal data of up to 80 million customers and employees.
The unencrypted data includes names, dates of birth, addresses, social security numbers, phone numbers and employment history – but not medical or financial information.
Anthem confirmed the breach and said all the company’s business units are affected, but did not specify how many consumer records may have been exposed.
Affiliated brands affected by the breach include Anthem Blue Cross, Anthem Blue Cross and Blue Shield, Blue Cross and Blue Shield of Georgia, Empire Blue Cross and Blue Shield, Amerigroup, Caremore, Unicare, Healthlink, and DeCare.
The insurer said it had reported the attack to the FBI, while cyber security firm FireEye said Anthem had hired it to help investigate the attack, reports The Guardian.
Investigators used the standard description for data breaches of this kind, saying the attack was “very sophisticated” and that attackers used “advanced” custom tools.
Hackers target healthcare firms
Security professionals have identified healthcare companies as prime targets for attackers, due to the quantity and value of the sensitive information those organisations collect.
They warned that stolen information could be used to impersonate the people involved, to commit fraud and other cyber crimes.
“The stolen data is likely to be used as bait for further phishing attacks, especially in emails claiming to be from Anthem or an affiliate company,” said Keith Bird, managing director at Check Point UK.
“Armed with the data they already have, attackers will try to trick those affected by the breach into revealing further details, such as account numbers and passwords.”
Bird warned that phishing emails are the most common means of social engineering attack, so Anthem customers should be suspicious of any emails or phone calls that relate to the breach.
Websense principal security analyst Carl Leonard said criminals will use the sale of credit card numbers to fund the collection of a broader range of data about victims.
“The underground market is flooded with stolen credit card data, but that will help fund the collection of fuller, richer personal information sets about individuals,” Leonard told Computer Weekly.
These datasets will be far more lucrative than credit card details on the underground market and will include details of multiple credit cards, as well as regional, geographic, behavioural and personal data.
Websense expects that this emerging trade in datasets on individuals will allow a new level of identity theft to enable fraud.
Hospital data breach
The Anthem breach comes six months after US hospital group Community Health Systems revealed that hackers gained access to 4.5 million patient records in a cyber attack from April to June 2014.
The attack on the hospital group is believed to have originated in China and enabled the intruders to bypass security measures to steal patients' personal data.
Anthem reportedly discovered the breach last week when a systems administrator caught a database query run under his ID without his knowledge.
The company has been praised for its speedy public disclosure of the breach, in contrast with Home Depot and other US firms breached in recent months that delayed notifying the people who could have been affected.
Some US politicians have used the latest data breach to renew calls on US lawmakers to remove legal barriers to sharing cyber threat information.