Five things to know about the Anthem hack

The cyberattack on Anthem, a national health insurer, is the latest and largest customer data breach to make headlines. Here are five questions and answers about the hack.

Darron Cummings/AP Photo/File
This Wednesday, Dec. 3, 2014 file photo shows the Anthem logo at the company's corporate headquarters in Indianapolis. Health insurer Anthem said in a statement Wednesday Feb. 4 that hackers infiltrated its computer network and accessed a swathe of personal information about current and former customers including their incomes and street addresses.

On Wednesday, the nation’s second-largest health insurer, Anthem, said that it had been the target of a massive, “very sophisticated external cyberattack,” The New York Times reported.

Tens of millions of records about Anthem’s customers and employees – including chief executive Joseph R. Swedish – were stolen in what could be the largest ever data breach both of a health care company and of customer information, according to the Times.

Here are five questions, answered, about the historic hack:

What is Anthem?

Anthem Inc. is a national health insurer that operates health plans in 14 states, including California and New York, under brands such as Anthem Blue Cross, Anthem Blue Cross and Blue Shield, and Empire Blue Cross and Blue Shield. Based in Indianapolis, Anthem was previously known as WellPoint Inc. and was formed when the Anthem Insurance Company acquired WellPoint Health Networks in 2004.

What exactly was stolen – and what wasn’t?

While the full scope of the breach is still being determined, Anthem puts the number of affected customers and employees at about 80 million, according to The Wall Street Journal, which first reported the attack. The stolen information includes names, birth dates, street and email addresses, medical IDs, Social Security numbers, and employment information, including income data.

As far as the company can tell, no credit card or medical information – such as claims, test results, or diagnostic codes – has been compromised.

What could hackers do with the data?

The black market for these types of information is incredibly lucrative, regardless of whether hacked data includes financial details, according to a report by the RAND Corporation, a nonprofit research group. Stolen information is sold via forums, chat rooms, and online stores to the highest bidder, the report found.

The price of a name or email address ranges from fractions of a cent to about $1, depending on how reliable or fresh the data is, according to an article on security breaches on tech news site CIO.

“That may not sound like a windfall,” CIO reported, “but when you multiply it by millions of records, it quickly adds up. Take the [2012] Zappos breach as an example: If hackers in fact obtained data on 24 million customers, even if they sell only 5 million email addresses at five cents a pop – cha-ching – they've just made $250,000 off of one hack.”

Anthem said there's no evidence that the data have hit the black market. 

What’s the company doing to fix it?

Anthem, which itself detected the breach on Jan. 29, has since started working with the Federal Bureau of Investigation to look into the attack, and hired cybersecurity firm Mandiant to evaluate and improve its computer systems.

The health insurer has also set up a website, www.AnthemFacts.com, and a toll-free number, 1-877-263-7995, that current and former customers can use for questions or concerns.

“I want to personally apologize to each of you for what happened,” Mr. Swedish said in a statement on the Anthem Facts site. “I assure you that we are working around the clock to do everything we can to further secure your data.”

How can I protect myself?

While there’s no real way to protect information we hand over to others, there are steps we can take to improve our personal cybersecurity. Most of them are basic measures many of us take for granted: Verifying Wi-Fi hotspots and avoiding logging on to banking or financial sites when on a public network could save you a lot of trouble later on, according to Forbes tech writer Amadou Diallo.

The FBI’s Cyber Division also recommends the following: Keep your firewall turned on, install and update antivirus software and anti-spyware technology, keep your operating system up-to-date, and turn off your computer when it's not in use.
