In one of the largest medical-data thefts in U.S. history, hackers stole personal information of as many as 80 million members and employees of health insurer Anthem Inc. in February of 2015. The breach quickly turned political, with U.S. intelligence agents pointing to hackers backed by China and Russia — though none have formally named either country as the perpetrator. The Anthem theft mirrored related attacks targeting medical data by foreigners seeking information on a group that includes U.S. defense contractors, government workers and intelligence operatives, Bloomberg reported. American officials have said China and Russia combed through such stolen information as a counterintelligence tactic. In August, a Chinese Embassy spokesman told the LA Times the Chinese government “firmly opposes and combats all forms of cyberattacks in accordance with the law.” This month, President Obama announced the U.S. and Chinese governments had agreed not to conduct or support cyberattacks against each other. “We’ve agreed that neither the U.S. nor the Chinese government will conduct or knowingly support cyber-enabled theft of intellectual property … we’ll work together, and with other nations, to promote international rules of the road for appropriate conduct in cyberspace,” Obama said. “So, this is progress, but I have to insist our work is not yet done.” The Anthem attack, revealed in February, compromised names, birth dates, member IDs, Social Security numbers, addresses, phone numbers, email addresses and employment and income details. The health insurer — Blue Cross and Blue Shield Association’s largest for-profit heath care company — failed to encrypt the data on its servers. The company’s CEO Joseph Swedish called the incident a “very sophisticated external cyber attack" that compromised the information of Anthem’s current and former members and employees, including Swedish himself. The information stolen from Anthem’s servers did not contain credit card evidence or medical records. The theft extended into multiple brands Anthem, Inc. uses to market its healthcare plans, including, Anthem Blue Cross, Anthem Blue Cross and Blue Shield, Blue Cross and Blue Shield of Georgia, Empire Blue Cross and Blue Shield, Amerigroup, Caremore, and UniCare. The 37-million member insurer, the second largest in the United States, launched a website detailing the attack and its implications, anthemfacts.com, to answer victims’ questions and offer security assistance. “Anthem is doing everything it can to ensure there is no further vulnerability to its database warehouses,” the site reads. “Anthem has contracted with a global company specializing in the investigation and resolution of cyber attacks. We will work with this company to reduce the risk of any further vulnerabilities and work to strengthen security.” The company has offered 24 months of identify theft repair and credit monitoring services to those impacted through AllClear ID. That won’t be enough for all those impacted, though. This month, a federal judge appointed two attorneys — Eve Cervantez of Altshuler Berzon and Andrew Friedman of Cohen Milstein Sellers & Toll — as co-lead plaintiffs counsel in litigation against Anthem. More than 100 suits related to the breach have been filed.
