The Nation's second largest Health insurer company, Anthem, alerted its customers on Wednesday that hackers had stolen the personal information of over 80 Millions of its customers, making it the largest data breach and double the number of payment cards affected by Target data breach occurred in 2013.
The stolen personal information includes residential addresses, birthdays, medical identification numbers, Social Security Numbers, email addresses and some income data belonging to both current and former customers and employees, including its own chief executive.
80 Million is a vast number — it's roughly the populations of California, Texas and Illinois when combined together. So far, there is no evidence whether financial or medical information of the company's customers was compromised, according to a statement given by Anthem's vice president, Kristin Binns.
The health giant, based in Indianapolis, has hired cybersecurity firm FireEye's Mandiant division to work out which customers. Despite these efforts, the company has not yet identified the attacker behind the massive Anthem data breach.
1. WHAT WENT WRONG ?
Now the question rises, What went wrong with the second largest health insurer company that it lead its 80 million customers expose to mega cyber hacks?
Anthem hack could be due to a vulnerability in the healthcare company, and security experts say the stolen information was vulnerable because Anthem did not take proper precautions, such as protecting the data in its computers and servers through encryption, in the same way it protected medical information that was sent or shared outside of the database.
A spokesperson from Anthem says they do not known who is behind the attack, but a number of security consultants have pointed that in the past Chinese hackers have shown their interest in targeting popular healthcare companies.
It is to be estimated that the malicious hackers may have infiltrated the Anthem's networks by making use of a sophisticated malicious software program that gave them access to the login credential of an Anthem employee, thereby breaching 80 million customers.
Cracking the Code: Learn How Cyber Attackers Exploit Human Psychology
Ever wondered why social engineering is so effective? Dive deep into the psychology of cyber attackers in our upcoming webinar.Join Now
2. BEWARE!! E-MAIL SCAMS TARGETING ANTHEM CUSTOMERS
As soon as the story broke, cyber criminals started exploiting the latest Anthem data breach in an attempt to persuade people to sign up for bogus credit protection services and provide personal information about themselves.
The insurer company on Friday warned its customers about an e-mail scam targeting former and current customers whose personal information was suspected to have been stolen in the Anthem breach.
Anthem warned about the email scam in a statement saying that the emails appears to come from Anthem and ask recipients to click on the attached link in order to obtain credit monitoring. Do not click on such links and do not provide any information on any website, Anthem advised its customers.
Don't expect any email warnings from the company because the Anthem hack is much severe than what it appears. To avoid fallout from the hackers, Anthem said it will contact its customers only via mail delivered by the U.S. Postal Service. The company will not call members regarding the breach and will not ask for any credit card information or Social Security numbers over the phone or via an email.
3. THIS DATA BREACH COULD LEADS TO OTHER BREACHES
Anthem claimed that the hackers didn't appear to have stolen customers' medical information. However, medical identification numbers were taken, along with Social Security numbers, addresses and email addresses, which could be by cyber crooks used for medical fraud.
Medical identity theft has become a booming business, according to security experts, who warned that the hackers' succeeded in penetrating Anthem's computer systems could use the stolen information to target other health care companies.
Over 90 percent of healthcare organizations reported they have had at least one data breach over the last two years, according to a survey of health care providers published last year by the Ponemon Institute, a privacy and data protection research firm.
4. CALIFORNIA CUSTOMER SUES ANTHEM
A California woman on Thursday accused Anthem of failing to properly secure and protect its customers' personal information, including usernames, birth dates, addresses and social security numbers. She seeks to represent all other customers who have been affected by this massive data breach.
"It appears that Anthem's security system did not involve encrypting Social Security numbers and birth dates –- two of the most valuable pieces of information that a thief can have," Susan Morris said in her complaint filed in federal court in Santa Ana, California.
Among other claims, Morris seeks damages for violations of California's unfair competition and data breach laws, Bloomberg reported. The case is Morris vs. Anthem Inc., 15-cv-00196, U.S. District Court, Central District of California (Santa Ana).
5. DEMAND OF LAWS TO BETTER PREVENT BREACHES
After falling for massive data breaches like Target, Home Depot,...and now Anthem hack, there is a need for more systemic changes in the laws in an attempt to prevent big hacks after hackers hit Anthem, the nation's second-largest health insurer.
"We're going to need federal legislation to address security issues to keep these huge hacks from happening," says Waldo Jaquith, who leads U.S. Open Data, which works with the public sector and private companies to better understand, store and share data.
Jaquith suggests setting minimal security requirements into the law — such as requirement of much stricter passwords and customer authentication. But, until there are more systemic changes, consumers are left quite helpless.
6. HOW TO PROTECT YOURSELF AFTER BREACH
The hack affected a wide array of Anthem brands, including Anthem Blue Cross; Anthem Blue Cross and Blue Shield; Blue Cross and Blue Shield of Georgia; Empire Blue Cross and Blue Shield; Amerigroup; Caremore; Unicare; Healthlink; and DeCare. So, if you have one of these plan, your personal data may have been taken by cyber crooks.
If you are a one of those affected customers, you will have to remain vigilant against fraud for the rest of your lives, because the risk of identity theft isn't short term, like in case of credit cards fraud. You may follow the following steps to protect yourself:
- Monitor Your Accounts - Watch out if someone using your information don't ever try to take over or transfer money out of your existing accounts. Don't forget that thieves with stolen info can get through your security questions, including the last 4 digits of your social and street address. Also, watch for any unauthorized activity or transfers on your current financial accounts, those affected in the breach.
- Sign Up for Credit Alerts and Identity Theft Protection for Free - The insurer company is offering free credit monitoring and identity protection services to all of its affected customers. So, you must sign up now, as these services will keep an eye on every unauthorised activities and send you alerts when someone else tries to use your identity. You can get further information on these measures at AnthemFacts.com.
- File Your Taxes Early - According to Paige Hanson, Educational Programs Manager for LifeLock, an identity theft monitoring service, it only takes two pieces of information for a cyber thief to hook your tax refund by filing your taxes early and claiming it for themselves, and the data in the breach contained both. So, in order to avoid any such problems, file your taxes as early as possible.
- Get Password Manager and Use Two Factor Authentication - The advice is common for all affected by data breaches — change your password and use best password manager to make sure you use a complex one, and don't use the same password or username across various websites. Also activate two-factor authentication for an extra layer of protection beyond your password.
- Stay Vigilant - The last and foremost thing to protect against the breach is to stay vigilant, as nobody knows when or where your stolen identities will be used. So, affected consumers will simply have to stay mindful forever.
"Your Social Security number is not going to change," said Gorup. "This is going to stick with you for life."
In case for any queries about Anthem data breach, the company has set up a dedicated website and a toll-free number (1-877-263-7995) for customers to access updates and ask questions related to the hack.