Anthem Hack Included Personal Information For 78.8 Million Customers & Employees

Nearly three weeks removed from the detection of a massive data breach, health insurer Anthem Inc. is releasing more details about the scope of the hack, including the fact that personal information for about 78.8 million people was compromised.

The Wall Street Journal reports that, of the 78.8 million people affected by the breach, 60 million to 70 million are current and former employees and customers going back as far as 2004.

Anthem, the owner of Blue Cross and Blue Shield in 14 states and Medicare and Medicaid plans, says some of the breached data belongs to consumers who were enrolled with Blue Cross and Blue Shield insurers outside of Anthem’s coverage area, but had used their coverage in one of the states where Anthem is the BCBS provider.

The Indianapolis-based insurer says that compromised records for around 14 million people are incomplete. So far, the company has been unable to identify where those consumers were enrolled, but believes it is unlikely they were active customers.

While compromised information includes names, birthdays and Social Security numbers, there is no evidence showing medical information or financial details such as credit-card or bank-account numbers were involved in the hack.

Previously, the company announced it would offer all current customers, and anyone who has been an Anthem customer since 2004, two years of free identity-theft protection services.

Anthem faces multiple investigations by the FBI, federal healthcare agencies and state insurance commissioners, the Times reports.

“We appreciate the identity-protection services being put into place by Anthem, but reviewing the scope and implications of this event will be a long process,” Monica J. Lindeen, Montana’s commissioner of securities and insurance and president of the National Assn. of Insurance Commissioners, said following the breach.

As part of state and federal investigations, commissioners are looking into whether Anthem took sufficient security measures to safeguard that information.

Industry analysts said last week that the outcome of those inquiries could lead to government sanctions like fines or suspension from key programs like Medicare Advantage or bidding for state Medicaid contracts.

Anthem first spotted the breach internally. They then brought it to the attention of the FBI and hired a specialist cybersecurity firm to help investigate. In a statement at the time, Swedish called it a “very sophisticated external cyber attack.”

The company, formerly known as Wellpoint, is the second-largest health insurer in the country and currently covers 37.5 million Americans. It operates a wide variety of plans and brands, particularly Blue Cross Blue Shield.

The company has launched a dedicated website for sharing information about the breach, though at the moment it only contains the statement from Swedish and a brief FAQ.

Anthem: Hacked Database Included 78.8 Million People [The Wall Street Journal]