Hackers access records of 80 million of Anthem customers

Hackers access records for millions of Anthem customers

Feb 5, 11:23 AM (ET)

By TOM MURPHY

INDIANAPOLIS (AP) — Hackers broke into a health insurance database storing information for about 80 million people in an attack bound to stoke fears many Americans have about the privacy of their most sensitive information.

Anthem, the nation's second-largest health insurer, said it has yet to find any evidence that medical information like insurance claims or test results was targeted or taken in a "very sophisticated" cyberattack that it discovered last week. It also said credit card information wasn't compromised, either.

The hackers did gain access to names, birthdates, email address, employment details, Social Security numbers, incomes and street addresses of people who are currently covered or have had coverage in the past.

An Anthem spokeswoman said Thursday the insurer was working with federal investigators to figure out who was behind the attack. They had not pinned down the exact number of people affected.

Anthem Inc., which recently changed its name from WellPoint, runs Blue Cross Blue Shield plans in more than a dozen states, including California, New York and Ohio. It covers more than 37 million people.

Cybersecurity experts say these hackers may not be done with the insurer, and health records are becoming more attractive to them, as previous targets like the retailers Target and Home Depot shore up their defenses.

"To me, this is the next wave of where were going to see more and more attacks," said Mark Bower, a vice president with the cybersecurity firm Voltage Security. "Cybercrime is a business. The attackers will simply move to the next low-hanging fruit."

He said security practices in health care are not as mature as they are in other industries, and hackers have multiple ways to get into a health care system that links insurers, care providers, labs and other businesses that handle sensitive patient information.

Medical records can be sold to criminals who could construct billing and insurance scams involving fake medical centers or target patients for phone scams.

"That's the kind of sophistication we have in cybercrime," Bower said. "We have networks of criminals who can use this data whenever its available based on their skill set."

Medical data also can be used to extort patients, with the hacker demanding money to prevent the public release of sensitive information, said Eran Barak, CEO of another cybersecurity firm, Hexadite.

He added that the attack may have been a probe to test the insurer's defenses, with hackers planning to return for more information or installing malware that steals data.

The insurer said all of its product lines were affected. It sells mainly private individual and group health insurance, plans on the health care overhaul's public insurance exchanges and Medicare and Medicaid coverage. It also offers life insurance and dental and vision coverage.

Affected brands include Anthem Blue Cross, Blue Cross and Blue Shield of Georgia, Empire Blue Cross and Blue Shield and Amerigroup.

This wasn't Anthem's first security breach.

In 2013, the insurer agreed to pay $1.7 million to resolve allegations it left the information of more than 612,000 members available online because of inadequate safeguards. The U.S. Department of Health and Human Services said that security weaknesses in an online application database left names, birthdates, addresses, telephone numbers, Social Security numbers, and health data accessible to unauthorized users.

The Health and Human Services Department said then that the insurer didn't have adequate policies for authorizing access to the database, didn't perform a needed technical evaluation after a software upgrade, and did not have technical safeguards to verify that the people or entities seeking access were authorized to view the information in the database.

In 2008, the insurer offered free credit monitoring after it said personal information for about 128,000 customers in several states had been exposed online. In 2006, backup computer tapes containing the personal information of 200,000 of its members were stolen from a Massachusetts vendor's office.

CEO Joseph Swedish, who was not running the company when those security breaches occurred, apologized to customers on a website that the insurer established to explain the latest problem, www.anthemfacts.com.

"We will continue to do everything in our power to make our systems and security processes better and more secure, and hope that we can earn back your trust and confidence in Anthem," he said.

http://apnews.myway.com/article/20150205/us--anthem-hack-a8b630345b.html


Comments

Post a Comment

Popular posts from this blog

BMW traps alleged thief by remotely locking him in car

BMW traps alleged thief by remotely locking him in car Stealer's Wheel? Seattle police department quotes "Watchmen" movie in a recap of the recent arrest. Tech Culture by Gael Fashingbauer Cooper December 4, 2016 5:00 PM PST It's maybe the most satisfying arrest we can imagine. Seattle police caught an alleged car thief by enlisting the help of car maker BMW to both track and then remotely lock the luckless criminal in the very car he was trying to steal. Jonah Spangenthal-Lee, deputy director of communications for the Seattle Police Department, posted a witty summary of the event on the SPD's blog on Wednesday. Turns out if you're inside a stolen car, it's perhaps not the best time to take a nap. "A car thief awoke from a sound slumber Sunday morning (Nov. 27) to find he had been remotely locked inside a stolen BMW, just as Seattle police officers were bearing down on him," Spangenthal-Lee wrote. The suspect found a ke...
Read more

Report: World’s 1st remote brain surgery via 5G network performed in China

World’s 1st remote brain surgery via 5G network performed in China Published time: 17 Mar, 2019 13:12 ·           A Chinese surgeon has performed the world’s first remote brain surgery using 5G technology, with the patient 3,000km away from the operating doctor. Dr. Ling Zhipei remotely implanted a neurostimulator into his patient’s brain on Saturday, Chinese state-run media  reports . The surgeon manipulated the instruments in the Beijing-based PLAGH hospital from a clinic subsidiary on the southern Hainan island, located 3,000km away. The surgery is said to have lasted three hours and ended successfully. The patient, suffering from Parkinson’s disease, is said to be feeling well after the pioneering operation. The doctor used a computer connected to the next-generation 5G network developed by Chinese tech giant Huawei. The new device enabled a near real-time connection, according to Dr. Ling.  “You barely feel that th...
Read more

New ATM's: withdraw money with veins in your finger

New cash machines: withdraw money with veins in your finger Cash machine technology that reads the pattern of finger veins is already available in Japan and Poland   By Telegraph Reporters 6:59PM BST 15 May 2014 Cash machines could soon be installed with devices that identify customers by reading the veins in their fingers. The technology is already being rolled out in Poland, where 1,730 cash machines will this year be installed with readers, negating the need for a debit card and Pin. Developed by Hitachi, the Japanese electronics firm, the machines read the patterns of the veins just below the surface of the skin on your finger using infra-red sensors. The light is partially absorbed by haemoglobin in the veins to capture a unique finger vein pattern profile, which is matched to a profile. The technology is used by Japanese banks and also in Turkey, offering “groundbreaking levels of accuracy and speed of authentication”, Hitachi said, which in t...
Read more