Anthem, one of the nation’s largest health insurers, announced late last Wednesday that the personal information of tens of millions of its customers and employees was exposed in a “very sophisticated external cyberattack.” Anthem operates health plans under numerous brands, including Anthem Blue Cross, Anthem Blue Cross and Blue Shield, Blue Cross and Blue Shield of Georgia and Empire Blue Cross and Blue Shield.
The company said hackers were able to breach a database that contained as many as 80 million records of current and former customers, as well as employees. The information accessed included names, birthdays, addresses, email and employment information, including income data. Anthem said no credit card information had been stolen, and it emphasized that it did not believe medical information like insurance claims or test results were compromised. It said hospital and doctor information was also not believed to have been taken.
The attack could be the largest breach of a healthcare company to date, and one of the largest ever of customer information.
Anthem said that the breach was detected on Jan. 29, and that the company was now working with the Federal Bureau of Investigation. The company said it would begin notifying members in the coming weeks. In a statement, the F.B.I. said that it was investigating the breach, and that people should alert officials to any possible instances of identity theft.
Anthem set up a website, www.AnthemFacts.com, and a toll-free number, 1-877-263-7995, to respond to any questions. The company said it would provide free identity repair services and credit monitoring.