BreachExchange mailing list archives

Anthem's Breach Woes Far From Over


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Thu, 26 Feb 2015 19:18:41 -0700

http://www.healthitoutcomes.com/doc/anthem-s-breach-woes-far-from-over-0001

The reach of the recent Anthem data breach continues to expand. As Health
IT Outcomes reported earlier, the sophisticated external cyberattack left
account information of as many as 80 million customers vulnerable. In the
wake of the breach announcement, a ripple effect swept through healthcare,
raising concerns about the safety and security of personal information
across the board as well as demands for legislation requiring encryption of
all health records.

Now, Reuters is reporting 8.8 million to 18.8 million non-customers may be
victims of the hack as well. Anthem participates in a national network of
independently run Blue Cross Blue Shield plans that allow BCBS customers to
receive in-network coverage in areas where BCBS is operated by a different
carrier. Those BCBS customers are the ones who could potentially be at
risk, since their records may be included in the database that was hacked,
the company has said.

Anthem spokeswoman Kirstin Binns told Reuters that Anthem does not know
exactly how many Anthem versus non-Anthem customers have been affected by
the breach because of more than 14 million incomplete records in the
database preventing the company from linking all members with their
respective plans.

And as if that were not enough, Anthem says some tens of millions of
customer records were not just accessed but stolen, and now Anthem has
acknowledged in a new financial filing that its recent data breach
involving 80 million people could result in “significant” expenses that its
cybersecurity insurance policy may not fully cover. That disclosure was in
the company's annual 10-K report filed with the Securities and Exchange
Commission.

Anthem continues to assert the hacked data was restricted to names, dates
of birth, member ID/Social Security numbers, addresses, phone numbers,
email addresses, and employment information such as income data.

The hack will be costly for Anthem for a number of reasons including the
expense of providing two years of free credit-monitoring and identity theft
protection services, fines and legal expenses stemming from lawsuits – more
than 50 by the latest tally – and other investigative costs. In a less
tangible way, the breach may harm company image and customer loyalty,
though to date the response seems rather mild.

One other factor coming into play is how much of the expense will be offset
by Anthem's cybersecurity insurance. Anthem spokeswoman Binns said in an
email to Modern Healthcare that the company was not able to comment beyond
what was included in the filing. The December 2013 data breach at Target
Corp cost an estimated $148 million in breach-related expenses, while
Target's insurance policy covered only $38 million, according to Modern
Healthcare.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/