The Target hack put personal information at risk for 70 million people. Data breaches are becoming more and more common, but we’re not completely desensitized to big hack numbers yet. When the second-largest health insurer in the United States gets hacked, leaving the private data of 80 million employees and customers exposed, it still seems like a problem.
Anthem insurance, which offers Blue Cross Blue Shield in many states, disclosed Wednesday that hackers breached a company database containing roughly 80 million entries on employees, 40 million current customers, and former customers. Information exposed includes names, addresses, Social Security numbers, and birthdays. The company told the Wall Street Journal that it first detected the hack a week ago and that “tens of millions” of records were taken. The good news is that it doesn’t seem like hackers had access to medical or financial records.
The company is going to contact everyone listed in the database, offer them free credit-monitoring, and set up a website to keep everyone up to date. Anthem is also working with the FBI and cybersecurity firm Mandiant to evaluate the hack and track its origins. The investigation is just gearing up, but unlike Target, Neiman Marcus, and Home Depot, the health insurance company chose to publicly acknowledge the hack fairly quickly. Under federal law, health care companies have 60 days to report a breach involving information that identifies individuals.
Lawmakers have been working to introduce stricter timeframes for corporate hack disclosures since early 2014, backed by President Obama and Attorney General Eric Holder. On Thursday the Senate Commerce subcommittee on data security had a hearing about proposals for new legislation, following a House Energy and Commerce hearing last week.
Tom Kellermann, the managing director of cyber protection at business management adviser Alvarez & Marsal, told the Huffington Post last February that, “There have been many instances where corporations have waited months to report that a breach occurred, and during that time, identity theft cases have dramatically grown in number.”
FBI spokesman Joshua Campbell said in a statement that Anthem’s quick response “is a model for other companies and organizations facing similar circumstances.” Unfortunately there are a lot of similar circumstances out there, and probably more on the way.