Hackers steal millions of Anthem health insurance customers’ data

Anthem data breach

Anthem operates these brands: Anthem Blue Cross; Anthem Blue Cross and Blue Shield; Blue Cross and Blue Shield of Georgia; Empire Blue Cross and Blue Shield; Amerigroup; Caremore; Unicare; Healthlink; and DeCare. They have customers in these states:










New Hampshire

New York




Source: Anthem

The following municipalities are insured by Anthem:

Butler Twp.



Champaign County

Clark County


Cincinnati State Technical and Community College




Logan County



The personal information of some 80 million Anthem Inc. health insurance customers, including 3.3 million in Ohio, may have been stolen in one of the biggest data breaches in the history of the medical information field, officials said Thursday.

Anthem President and CEO Joseph Swedish said sophisticated cyber attackers gained access to Anthem’s IT system and stole personal data of current and former members. The information taken includes names, birthdays, medical IDs/Social Security numbers, street addresses, email addresses and employment information, including income, Swedish said.

“There are over 3 million members in Ohio, but we do not yet know if any were impacted,” said Kim Ashley, public relations director for Anthem Blue Cross and Blue Shield in Ohio, which employs more than 1,700 people at its Deerfield Twp. location in Warren County.

Many Southwest Ohio municipalities — Dayton, Butler County, Clayton, Englewood, Clark and Champaign counties, West Chester Twp., Middletown and several more — use Anthem as their insurer. They received an email from the company informing them of the breach. “We have not been told definitively that any of our employees are impacted,” Clark County Administrator Nathan Kennedy said.

“We are still learning about the nature of the breach and its potential consequences to our employees’ private information,” said Doug Adkins, Middletown city manager. “There is very little information available right now, and as more information becomes available, the city will take any appropriate measures required to respond.”

According to published reports, investigators are looking at China as a source of some of the software and techniques used in similar cyber attacks. “The malicious code is part of a software family researchers call ‘Sakula,’ which has been linked to China in the past,” The Wall Street Journal reported.

In an apology letter post on Anthem’s website, Swedish said there is no evidence that credit card or medical information such as claims, test results or diagnostic codes were compromised. Customers with email addresses were reportedly informed of the brach Wednesday night. Those without emails will be getting letters in the coming weeks, Ashley said.

Current and former customers can get more information at www.anthemfacts.com or by calling (877) 263-7995, Anthem officials said. The Ohio Attorney General’s Office said identity theft victims could visit www.OhioAttorneyGeneral.gov or call (800) 282-0515.

“We encourage people affected by this or any other data breach to take common-sense steps to protect themselves,” Ohio Attorney General Mike DeWine said. “Even if your information has been compromised, it doesn’t necessarily mean that you will be the victim of identity theft, but it is important to monitor your accounts and check your mail. The sooner you detect a problem, the easier it will be to correct.”

Bryan Fite, president of Dayton-based Meshco, said his company teaches offensive and defensive computing for cyber warriors. “It’s really hard to tell if your name is out there in the underground or not,” he said. “The currency that people are trading in is your identity.”

Fite said credit card information is not as valuable for hackers as it once was, but patient information can be sold and re-sold: “There might be cyber criminals that want to prey on people with certain conditions, to maybe make them think that they have a cure.”

It’s possible that there will be many cyberhacks from unfriendly state-sponsored actors in 2015, he said. Recent cyber attacks have taken place against Sony Pictures, Target and JPMorgan Chase.

“The people who are doing this, they bounce around the world,” Fite said. “They could actually be in our own neighborhood. You’d never know it because the technology allows you to really ‘anonymize’ your transactions.”

Anthem was Ohio’s largest health insurer by premium revenue in 2013, according to a 2014 report from the Ohio Hospital Association. Anthem posted profits of $392.5 million on total revenue of $5.2 billion in 2013, according to that trade group’s annual report. Anthem operates in 14 U.S. states, including Ohio, Indiana and Kentucky.

Once known as Wellpoint, Anthem is among the United States’ largest health insurers.

“Anthem’s own associates’ personal information – including my own – was accessed during this security breach,” Swedish wrote in offering his apology and stating that the company has contracted Mandiant, a global company that investigates and resolves problems from cyber attacks. “We join you in your concern and frustration, and I assure you that we are working around the clock to do everything we can to further secure your data.”