The nation’s second-largest health insurer has suffered a cyberattack that might become the largest hacking headache ever for American consumers.
Anthem Inc. announced Wednesday that computer criminals had infiltrated its systems and stolen a treasure trove of personal information. While the firm says no medical data or credit card information was targeted or stolen, hackers made off with names, birth dates, medical IDs/Social Security numbers, street addresses, email addresses and employment information, including income data. This highly personal information can be used for far more serious identity crimes than simple credit card fraud. Criminals with a birth date and SSN can commit full-blown identity theft, creating new accounts in a victim’s name. Employment and salary information could even be used to bypass security measures, or in a worst-case scenario, be used to reset passwords.
“I want to personally apologize to each of you for what has happened, as I know you expect us to protect your information,” wrote CEO Joseph Swedish in an email sent to some consumers and viewed by Credit.com. He said the stolen data included employee information — even his own. “We join you in your concern and frustration, and I assure you that we are working around the clock to do everything we can to further secure your data.”
Anthem said it did not know how many of its customers were impacted by the heist, but the number could be staggering. On its website, Anthem says it serves 69 million people, with more than 37 million enrolled in its family of health plans. But the hack also involves former customers, so its impact could be even larger. Impacted brands include Anthem Blue Cross, Anthem Blue Cross and Blue Shield, Blue Cross and Blue Shield of Georgia, Empire Blue Cross and Blue Shield, Amerigroup, Caremore, Unicare, Healthlink and DeCare.
Last year, the FBI issued a generic warning that healthcare providers would soon be the target of cybercriminals.
“The healthcare industry is not as resilient to cyber intrusions compared to the financial and retail sectors, therefore the possibility of increased cyber intrusions is likely,” the agency said in a warning obtained last April by Reuters.
Anthem says it will notify impacted consumers in writing within “weeks” and offer them free credit monitoring and identity theft protection services.
Consumers might not want to wait for that, however. Anthem customers can immediately place a 90-day temporary fraud alert on their credit reports at all three bureaus, which should make it difficult for hackers to open new accounts using their personal information. Consumers can consider placing a credit freeze on their reports, too.
As with any data leak, the Anthem incident is another reminder to monitor your accounts carefully at least once each month to make sure nothing unusual has occurred. The Anthem breach creates a bigger challenge for consumers than the garden-variety credit card hack, however. The data that’s been stolen can’t be canceled or reissued like a credit card account, and the damage criminals can do is not limited to existing bank accounts. Consumers should be vigilant across their digital footprint: watch for unexpected activity in a 401(k) account or other brokerage account, for example.
The most serious frauds will occur if the data is used to open new accounts, however. That’s why it’ll be crucial for all Anthem consumers to monitor their credit reports for new accounts — not only today, but next week, next month, next year — and sadly, forever. For these victims, it will not be an issue of preventing identity theft, but rather detecting it quickly and taking steps to recover from it as soon as possible. Credit monitoring services – and there are a variety of paid and free services out there — can be helpful in discovering new accounts. You can also get a free credit report summary on Credit.com every month to keep an eye on your credit report activity – any suspicious changes should prompt you topull your free annual credit reports and address any problems immediately.
This article originally appeared on Credit.com and was written by Bob Sullivan.