Hackers who breached Anthem's computer systems took off with the private and sensitive personal information of more than 80 million past and current members.
This is twice the number of the 40 million individuals affected in every single data system breach recorded by the United States in the last 10 years, making the Anthem hack the biggest and potentially most dangerous security breach in the last decade.
In fact, just a couple of days before America's second biggest health insurance company announced the massive hack on Wednesday, Feb. 4, Anthem warned its past and current members of a current email phishing attack targeting them. The scam involves an email that claims to have come from Anthem, asking recipients to click a link that pretends to go to a credit monitoring website where it asks for more information.
The company also said it will notify customers about the hack but only via snail mail to advise them what to do. Meanwhile, it is highly recommended that all Anthem customers refrain from clicking any links from emails purporting to have come from the insurer. They are also advised not to provide any information on any website. However, customers should still be wary of letters in their physical mailboxes.
"Be on the lookout for potentially fraudulent requests for information requested by mail -- remember, the criminals have mailing information as well," said Dwayne Melancon, chief technology officer at risk management firm Tripwire. "Trust, but verify."
Customers should also be aware that although no medical records were stolen, the information already in the hands of the hackers -- names, birthdays, email addresses, mailing addresses, and Social Security numbers -- are enough to carry out more than just a phishing scam. Birthdays and email addresses, for instance, are commonly used by banks and financial institutions to verify a user's identity to authorize fraudulent activities, such as cancelling credit cards or even having new cards issued.
"I've seen in the past where hackers will tap your credit limit as far as it can go," Brian Richards, identity theft product expert at Protect Your Bubble, warned.
Richards advises all affected individuals to stop using the email address associated with their Anthem accounts and all other financial institutions. They should also set up credit monitoring and, in the event that they notice suspicious activity in their accounts, should have their credit cards frozen. It is also wise to change their verification questions and use answers they have never used before.
"I'd advise they set up those security questions across all their financial institutions, so their banking institution for accounts, mortgages, auto loans, and so on," Richards said. "That's really important."
Security experts have begun looking to China as the origin of the attack, saying that it could have deep ties with Deep Panda, an advanced hacking group that targets healthcare companies.
"We've seen the Deep Panda actor registering domain names that were health-sector specific and could be potentially tied to victims," said CrowdStrike vice president of threat intelligence Adam Meyers.
The purpose is unclear, but some experts believe the hackers could be looking to sell the massive trove of data to spies from other countries that want to build a database of information about government officials or top executives who normally use a pseudonym for their online operations but tend to use their real details in their health records.
However, Anthem and federal investigators are not yet convinced.
"It's premature," Kristin Binns, spokesperson for Anthem, said. "Nothing confirmed."
Photo: Matthew Hurst | Flickr
