(Updated on Aug. 1)
Anthem has been hit by another data breach that could affect more than 18,000 people after a third-party vendor's employee emailed member records to himself.
The incident occurred in July 2016, and Anthem began notifying members of the breach last week.
LaunchPoint Ventures, which coordinates Medicare services for Anthem, discovered in April 2017 that one of its employees had breached Anthem members' information. The employee—who has been fired and is currently being investigated for another, unrelated matter—sent himself a file with 18,529 members' personal information, which included, for most, Medicare ID numbers, health plan ID numbers, Medicare contract numbers and enrollment dates and, for a small subset, last names and birth dates.
The breach disclosure comes a month after Anthem settled a class-action suit over a 2015 data breach for $115 million. In that incident, hackers took the personal information of nearly 80 million employees and members. The settlement was the largest ever in a data-breach case.
Both Anthem and LaunchPoint are notifying those affected, and LaunchPoint is offering two years of free credit monitoring and identify theft restoration. Anthem reported the breach to HHS' Office for Civil Rights on July 24, and the breach is now one of 173 listed for the year, up 270% from the same period last year.
Anthem issued a statement outlining the particulars of the breach, but the company did not comment further. LaunchPoint was not immediately available for comment.