Skip to main content
Subscribe
  • Sign Up Free
  • Login
  • Subscribe
  • News
    • Current News
    • Providers
    • Insurance
    • Government
    • Finance
    • Technology
    • Safety & Quality
    • Digital Health
    • Transformation
    • ESG
    • People
    • Regional News
    • Digital Edition (Web Version)
    • Patients
    • Operations
    • Care Delivery
    • Payment
    • Midwest
    • Northeast
    • South
    • West
  • Blogs
    • AI
    • Deals
    • Layoff Tracker
    • HIMSS 2023
  • Opinion
    • Breaking Bias
    • Commentaries
    • Letters
    • From the Editor
  • Events & Awards
    • Awards
    • Conferences
    • Galas
    • Virtual Briefings
    • Webinars
    • Nominate/Eligibility
    • 100 Most Influential People
    • 50 Most Influential Clinical Executives
    • 40 Under 40
    • Best Places to Work in Healthcare
    • Excellence in Governance
    • Health Care Hall of Fame
    • Healthcare Marketing Impact Awards
    • Top Innovators
    • Diversity in Healthcare
      • - Luminaries
      • - Top 25 Diversity Leaders
      • - Leaders to Watch
    • Women in Healthcare
      • - Luminaries
      • - Top 25 Women Leaders
      • - Women to Watch
    • Digital Health Transformation Summit
    • ESG: The Implementation Imperative Summit
    • Leadership Symposium
    • Social Determinants of Health Symposium
    • Women Leaders in Healthcare Conference
    • Best Places to Work Awards Gala
    • Health Care Hall of Fame Gala
    • Top 25 Diversity Leaders Gala
    • Top 25 Women Leaders Gala
    • - Hospital of the Future
    • - Value Based Care
    • - Hospital at Home
    • - Workplace of the Future
    • - AI and Digital Health
    • - Future of Staffing
    • - Hospital of the Future (Fall)
  • Multimedia
    • Podcast - Beyond the Byline
    • Sponsored Podcast - Healthcare Insider
    • Sponsored Video Series - One on One
    • Sponsored Video Series - Checking In with Dan Peres
  • Data & Insights
    • Data & Insights Home
    • Hospital Financials
    • Staffing & Compensation
    • Quality & Safety
    • Mergers & Acquisitions
    • Data Archive
    • Resource Guide: By the Numbers
    • Surveys
    • Data Points
  • Newsletters
  • MORE+
    • Contact Us
    • Advertise
    • Media Kit
    • Jobs
    • People on the Move
    • Reprints & Licensing
MENU
Breadcrumb
  1. Home
  2. Insurance
March 30, 2016 12:00 AM

Details of Anthem's massive cyberattack remain in the dark a year later

Bob Herman
  • Tweet
  • Share
  • Share
  • Email
  • More
    Reprints Print

    It's been more than a year since health insurer Anthem disclosed what was by far the largest data breach in healthcare history, yet almost nothing further is known about the causes, costs and ramifications of the breach.

    The cyberattack—in which hackers stole the names, birth dates, Social Security numbers, home addresses and other personal information of 78.8 million current and former members and employees—gave Anthem's reputation a black eye early on. The company and the industry at large scrambled to do damage control. Consumers questioned whether Anthem and other healthcare organizations could manage the volumes of data they had.

    But the breach essentially has been treated as a footnote since then. Anthem's pending acquisition of Cigna Corp., other high-profile healthcare digital attacks, and time have overshadowed Anthem's large-scale breach. Unresolved legal issues likely have stifled further disclosure of what is known.

    The FBI is still investigating the attack, and so far has found no evidence that Anthem members' data have been sold, shared or used fraudulently, an Anthem spokeswoman said. Credit card and medical information also allegedly has not been taken. Anthem provided two years of credit monitoring to those who were affected.

    The source of Anthem's breach has not been identified, although some reports have linked it to Chinese hackers. The FBI did not respond to a request for comment.

    Anthem executives have not addressed the cyberattack in any quarterly earnings calls in the past year, and the incident has not had a direct impact on membership or profits. Costs and fines associated with the breach presumably total millions of dollars, and could be “significant” beyond Anthem's cybersecurity insurance policy, but no hard figures have been issued or estimated. Anthem's next public call will occur April 27, when the insurer will release first-quarter finances.

    Anthem sent a statement to Modern Healthcare that read, “At Anthem, securing our member, provider and client data is a top priority. We maintain a diligent focus on data security, and our information security program strives to protect, control and maintain the security of our technology environment.”

    Anthem hired cybersecurity firm Mandiant in the aftermath of the hack. Vitor De Souza, a spokesman at FireEye, Mandiant's parent company, said their work with Anthem is confidential under their contractual obligations.

    The National Association of Insurance Commissioners and the Indiana Department of Insurance also have worked with Indianapolis-based Anthem. The NAIC commissioned a “market conduct and financial exam” of the breach, but the report has not been finished and remains classified.

    “Anthem was proactive about addressing this breach and notifying individuals who may have been affected by it,” Jenifer Groth, director of communication and outreach at Indiana's Department of Insurance, said in a statement.

    In a breach as large as Anthem's, the shocking lack of details likely comes down to the legal process, said Sean Curran, a cybersecurity expert at consulting firm West Monroe Partners. Anthem is facing multiple class-action lawsuits from affected health-plan customers. The insurer also is trying to dismiss several counts in a consolidated case that sits in the U.S. District Court for the Northern District of California.

    “It's probably difficult to keep a handle on everything,” Ken Dort, a partner and cybersecurity expert at Drinker Biddle & Reath, said about Anthem's breach.

    However, it seems Anthem would want to disclose more information publicly, given its merger target, Cigna, previously held reservations about the effects of the data breach. State and federal regulators are conducting an antitrust review of the transaction, which has been fiercely opposed by consumer advocates.

    “Trust with customers and providers is critical in our industry, and Anthem has yet to demonstrate a path towards restoring this trust,” Cigna CEO David Cordani and former Board Chairman Isaiah Harris Jr. wrote in a June 21 letter that rejected Anthem's initial advances. “We need to understand the litigation and potential liabilities, operational impact and long-term damage to Anthem's franchise as a result of this unprecedented data breach, as well as the governance and controls that resulted in this system failure.”

    Other insurers have not fared well since Anthem's security failure. CareFirst, Excellus and Premera, which are Blue Cross and Blue Shield affiliates like Anthem, suffered their own large data hacks in the past year.

    “The insurers have probably so many different legacy systems bolted onto older systems,” Dort said. “They may not be quite as synchronized as much as they should be.”

    “Security still has its challenges,” added Curran. “We're still living in the dark ages of what security is.”

    Letter
    to the
    Editor

    Send us a letter

    Have an opinion about this story? Click here to submit a Letter to the Editor, and we may publish it in print.

    Recommended for You
    stars legal
    TukeyGate: Insurers vexed by Medicare Advantage star ratings declines
    legal money settlement.png
    Bon Secours seals Anthem contract, drops pay lawsuit
    Most Popular
    1
    Centene to lay off 2,000 workers
    2
    How health systems are battling price-gouging allegations
    3
    Senate advances bill to temporarily aid hospitals, health centers
    4
    Elevance, Blue Cross Louisiana halt $2.5B proposed deal
    5
    Tower Health to sell urgent care centers, close others
    Sponsored Content
    Daily Finance Newsletter: Sign up to receive daily news and data that has a direct impact on the business and financing of healthcare.
    Get Newsletters

    Sign up for enewsletters and alerts to receive breaking news and in-depth coverage of healthcare events and trends, as they happen, right to your inbox.

    Subscribe Today
    MH Magazine Cover

    MH magazine offers content that sheds light on healthcare leaders’ complex choices and touch points—from strategy, governance, leadership development and finance to operations, clinical care, and marketing.

    Subscribe
    Connect with Us
    • LinkedIn
    • Twitter
    • Facebook
    • RSS

    Our Mission

    Modern Healthcare empowers industry leaders to succeed by providing unbiased reporting of the news, insights, analysis and data.

    Contact Us

    (877) 812-1581

    Email us

     

    Resources
    • Contact Us
    • Help Center
    • Advertise with Us
    • Ad Choices
    • Sitemap
    Editorial Dept
    • Submission Guidelines
    • Code of Ethics
    • Awards
    • About Us
    Legal
    • Terms and Conditions
    • Privacy Policy
    • Privacy Request
    Modern Healthcare
    Copyright © 1996-2023. Crain Communications, Inc. All Rights Reserved.
    • News
      • Current News
      • Providers
      • Insurance
      • Government
      • Finance
      • Technology
      • Safety & Quality
      • Digital Health
      • Transformation
        • Patients
        • Operations
        • Care Delivery
        • Payment
      • ESG
      • People
      • Regional News
        • Midwest
        • Northeast
        • South
        • West
      • Digital Edition (Web Version)
    • Blogs
      • AI
      • Deals
      • Layoff Tracker
      • HIMSS 2023
    • Opinion
      • Breaking Bias
      • Commentaries
      • Letters
      • From the Editor
    • Events & Awards
      • Awards
        • Nominate/Eligibility
        • 100 Most Influential People
        • 50 Most Influential Clinical Executives
        • 40 Under 40
        • Best Places to Work in Healthcare
        • Excellence in Governance
        • Health Care Hall of Fame
        • Healthcare Marketing Impact Awards
        • Top Innovators
        • Diversity in Healthcare
          • - Luminaries
          • - Top 25 Diversity Leaders
          • - Leaders to Watch
        • Women in Healthcare
          • - Luminaries
          • - Top 25 Women Leaders
          • - Women to Watch
      • Conferences
        • Digital Health Transformation Summit
        • ESG: The Implementation Imperative Summit
        • Leadership Symposium
        • Social Determinants of Health Symposium
        • Women Leaders in Healthcare Conference
      • Galas
        • Best Places to Work Awards Gala
        • Health Care Hall of Fame Gala
        • Top 25 Diversity Leaders Gala
        • Top 25 Women Leaders Gala
      • Virtual Briefings
        • - Hospital of the Future
        • - Value Based Care
        • - Hospital at Home
        • - Workplace of the Future
        • - AI and Digital Health
        • - Future of Staffing
        • - Hospital of the Future (Fall)
      • Webinars
    • Multimedia
      • Podcast - Beyond the Byline
      • Sponsored Podcast - Healthcare Insider
      • Sponsored Video Series - One on One
      • Sponsored Video Series - Checking In with Dan Peres
    • Data & Insights
      • Data & Insights Home
      • Hospital Financials
      • Staffing & Compensation
      • Quality & Safety
      • Mergers & Acquisitions
      • Data Archive
      • Resource Guide: By the Numbers
      • Surveys
      • Data Points
    • Newsletters
    • MORE+
      • Contact Us
      • Advertise
      • Media Kit
      • Jobs
      • People on the Move
      • Reprints & Licensing