Hackers Access 80M Customer Records at Major Insurer Anthem

In what might be the largest data breach disclosed by a healthcare company, attackers stole tens of millions of database records on Anthem members and employees, including Social Security Numbers.

The first sign of the incident came during the middle of last week, when a systems administrator noticed that a database query was being run using his passcode although he hadn’t initiated it. Anthem quickly determined that an attack had occurred.

Investigators tracked the hacked data to an outside Web-storage service and were able to freeze it there. But it’s possible the hackers already had copied it to another location.

The storage service used by the hackers was one that is commonly used by U.S. companies, which may have made the initial data theft harder to detect.

Investigators called the Anthem attack “sophisticated” and said the intruders used techniques that appeared to have been customized, rather than broadly available tools, and were “very advanced.”

The intrusion exposed names, birthdays, addresses and Social Security numbers but doesn’t appear to involve medical information or financial details.

Anthem, which offers Blue Cross Blue Shield plans in California, New York and other states, does not yet know precisely how many people may be affected.

“Anthem detected the breach itself, which puts it in the minority among companies subject to such attacks,” according to the Journal. It is also rare for a firm to reveal an incursion days after its discovery.