Breach Gets Away With Names, Social Security Numbers of Customers, Employees
Anthem Inc., the country’s second-biggest health insurer, said hackers broke into a database containing personal information for about 80 million of its customers and employees in what is likely to be the largest data breach disclosed by a health-care company.
Investigators are still determining the extent of the incursion, which was discovered last week, and Anthem said it is likely that “tens of millions” of records were stolen. The health insurer said the breach exposed names, birthdays, addresses and Social Security numbers but doesn’t appear to involve medical information or financial details such as credit-card or bank-account numbers, nor are there signs the data are being sold on the black market.
Anthem, which offers Blue Cross Blue Shield plans in California, New York and other states, said it doesn’t know precisely how many people may be affected. So far, it appears that the attack detected last week is the only breach of Anthem’s systems, and it isn’t yet clear how the hackers were able to obtain the identification information needed to access the database said Thomas Miller, the insurer’s chief information officer.
The insurer said it would reach out to everyone whose information was stored in the hacked database with a letter and, where possible, email. It is also setting up an informational website and will offer to provide a credit-monitoring service.
Its decision to reveal the attack days after its discovery, even as the investigation is getting under way, may signal a changing attitude among corporate executives about rapid disclosures in the wake of breaches of companies including Target Corp., Home Depot Inc. and Sony Pictures Entertainment Inc.
Anthem detected the breach itself, which puts it in the minority among companies subject to such attacks, and “organizations don’t typically provide notification this early on,” said David Damato, managing director at FireEye Inc., owner of cybersecurity unit Mandiant, which Anthem has hired to investigate.
When hackers intruded on servers at J.P. Morgan Chase & Co. this summer, the incident was reported by media outlets weeks after the bank had learned there was an issue. The bank has said previously that only contact information was compromised and it has seen no fraud associated with the event.
Anthem’s Mr. Miller said the company wanted “to share the information as soon as possible.” Federal law requires health-care companies to inform consumers and regulators when they suffer a data breach involving personally identifiable information, but they have as many as 60 days after the discovery of an attack to report it.
Anthem, based in Indianapolis and formerly known as WellPoint, covers around 37.5 million people. The hacked database included information for some current and former customers as well as its own employees; it also held medical and financial details, but the insurer said those details don’t appear to be included in the data stolen by the hackers.
The Anthem incident could rank among the largest of recent attacks. The J.P. Morgan breach compromised contact information for about 76 million households. Home Depot has said 56 million credit-card accounts were compromised, and 53 million customer email addresses stolen. Target’s cyberattack affected 40 million payment cards. Both retailers offered credit monitoring after the fact and banks typically reimburse consumers for fraudulent charges resulting from a data breach.
Small businesses accumulate various types of data, such as financial information related to revenues and expenses and data about employees, customers and vendors. Traditional file organization describes storing data in paper files, within folders and filing cabinets. Electronic file organization is a common alternative to paper filing; each system has its benefits and drawbacks.
Traditional file organization has security advantages over electronic filing, but it also has its disadvantages. Electronic files are usually accessible on a network, which means it’s possible for an unauthorized person to gain access to electronic data over the Internet through hacking methods. Electronic data can also be damaged by software security problems like computer viruses. On the other hand, paper files can be lost in fires and floods, but electronic data is easy to backup in multiple locations, reducing the potential for permanent data loss.
Traditional filing systems are less complex than electronic systems, which can make it easier for untrained people to access and manipulate data. Anyone can look through alphabetized filing cabinets to find a file. Locating and manipulating an electronic database information may require technical training, and user error can result in unintended alterations or data loss.
One of the primary disadvantages of traditional file systems is the time it takes to access data. It can take minutes if not hours to locate a few files in a large paper filing system. Electronic databases allow for almost instantaneous access to information. Faster data access time can increase the productivity of managers, analysts, accountants and other workers who use data on a regular basis.
Editing and Communication
Traditional file systems are cumbersome in that they do not allow users to easily edit files or send information to others. Paper files often cannot be edited directly, forcing users to make new copies to update old files. To distribute data on paper files, users must mail, fax or scan the data. Databases allow users to edit information fields directly, and because information is stored digitally, it is already in a form that can be easily transmitted.
Order of Data
Data can get out of order in traditional filing systems. If someone accidentally puts a file in the wrong place, or takes a file out of a cabinet and forgets to put it back, it can lead to lost data or the creation of additional copies of files. Electronic filing systems allow users to quickly check whether information already exists somewhere in the system, which helps avoid problems like redundant files and data loss.