Federal agents are investigating how Anthem, the nation’s second-largest health insurer, became the latest victim in a series of corporate cyberattacks that have exposed the personal data of millions of Americans and put Washington on high alert.
Hackers did not grab credit card numbers or medical information such as claims or test results, although they appeared to access to names, addresses and Social Security numbers of up to 80 million past and current members, according to the company, which first detected the breach Jan. 29.
“Once the attack was discovered, Anthem immediately made every effort to close the security vulnerability, contacted the FBI and began fully cooperating with their investigation,” Anthem President and CEO Joseph R. Swedish said in a letter late Wednesday to members.
The incident opened a new chapter in the high-stakes world of corporate hacking.
Anthem joins a long list of large companies — Sony, JP Morgan Chase, Target, Home Depot and Staples among them — whose systems have been attacked, prompting the Obama administration and lawmakers to home in on cybersecurity measures.
The White House on Thursday said it was aware of the attack and would push legislative proposals that would improve coordination between the federal government and private sector when such attacks occur.
SEE ALSO: Obama budget dedicates $14B to cybersecurity
“Obviously it’s quite concerning that we would have yet another intrusion of this size,” White House cybersecurity czar Michael Daniel said in a Bloomberg Government webinar early Thursday.
Rep. Fred Upton, chairman of the House Committee on Energy and Commerce, said Anthem will brief his staff Friday on what happened.
“Every business is at risk and American consumers are anxious,” the Michigan Republican said. “That’s why we’re continuing hearings and opening new lines of investigation. That’s why we’re pursuing legislation to strengthen data security and certainty in the handling of breaches.”
The FBI praised Anthem’s swift reporting as a model for other companies, saying “speed matters” because criminals can quickly destroy evidence, and the Health and Human Services Department’s Office of the Inspector General said it’s investigating whether Medicare or Medicaid beneficiaries were affected.
Rival insurers also took notice. Cigna CEO David Cordani said his company uses multiple layers of information technology protection and has even hired professional hackers to find any cracks in their armor.
“We take the protection of consumer information and consumer data as a number one priority,” Mr. Cordani told Bloomberg television.
Anthem, a major player on the health exchanges set up under the Affordable Care Act, changed its name from Wellpoint in December and manages Blue Cross Blue Shield plans in several states.
The Indianapolis-based insurer said it retained cybersecurity firm Mandiant to evaluate their technology systems. It will notify current and past members whose information had been exposed in the attack, and it set up a website, AnthemFacts.com, where members can get information about the attack and what to do.
Mr. Swedish’s letter said the breach also exposed Anthem employees’ data, including his own.
“We join you in your concern and frustration,” he wrote, “and I assure you that we are working around the clock to do everything we can to further secure your data.”
• Tom Howell Jr. can be reached at thowell@washingtontimes.com.
Please read our comment policy before commenting.