Up to 80 million people’s personal information, including Social Security Numbers have been compromised in the largest-ever health care breach. The breach affected both members and employees of Anthem Health company, including the CEO himself. They created a website dedicated to the breach.
Here’s the information that’s been compromised:
- names
- birthdays
- medical IDs/social security numbers
- street addresses
- email addresses
- employment information
- income data
Here’s what hasn’t been shown to have been affected:
- credit card information
- medical information such as claims, test results or diagnostic codes
As a matter of comparison, in the well-known Target data breach, there were up to 70 million affected, versus the 80 million in this Anthem breach. Anthem does not report any laxity in their security protocol, rather “Anthem was the target of a very sophisticated external cyber attack”, according to CEO Joseph Swedish.
The company vows to provide credit monitoring for the affected members:
How can I sign up for credit monitoring/identity protection services?
All impacted members will receive notice via mail which will advise them of the protections being offered to them as well as any next steps.
This breach would appear to be much more significant than the multitudes of other breaches we’ve had recently, since SSN’s were affected as well. This would make it easy, for example, for the thieves to open bank account or credit cards using the stolen information.
Some are reporting that the fact that there was no breach of medical information isn’t really a major deal, “The personally identifiable information they got is a lot more valuable than the fact that I stubbed my toe yesterday and broke it”. But according to other sources stolen identities that contain medical records are worth much more than a simple SSN.
A stolen credit card number sells for about $1 on the black market. A SSN with a credit card sells for about $5. And stolen medical records go for around $50. It’s not fun hearing these numbers thrown around, but it shows the significance of the fact that medical records have not been compromised.
We still need to find out more on the details of the credit monitoring being offered, but in this case – that SSNs were compromised – it seems especially important.
