Cybersecurity

Health insurance giant Anthem hit with major data breach

The nation’s second-largest health insurance company, Anthem Inc., has been hit by a data breach that may have exposed data from up to 80 million customers.

“Anthem was the target of a very sophisticated external cyber attack,” said Anthem chief executive Joseph Swedish in a statement.

The company said the digital thieves made off with a slate of personal information — names, birth dates, Social Security numbers, street addresses, email addresses and income data — but did not obtain credit card or medical information.

The infiltrated database had the records for 80 million people in it; Anthem said it is not sure if every person’s information was exposed. Still, the insurer estimated tens of millions of customers have been affected.

That makes it the largest healthcare breach to date, according to security experts.

Lawmakers immediately jumped on the incident to promote the need for Congress to pass cybersecurity legislation.

“This attack is another reminder of the persistent threats we face, and the need for Congress to take aggressive action to remove legal barriers for sharing cyber threat information,” said House Homeland Security Committee Chairman Michael McCaul (R-Texas).

“The nature of this breach is especially troubling as it strikes at the heart of an individual’s personal information,” said Rep. John Ratcliffe (R-Texas), who chairs the House Subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies.

For years, Congress has been debating two major cyber bills. One would enhance cyber threat information-sharing between the public and private sectors, while the other would set federal data security standards and require companies to notify customers and the government following a data breach.

Neither effort has resulted in any laws.

“Protecting Americans from cyberattacks should not be a partisan issue,” said Sen. Dan Coats (R-Ind.), whose state includes Anthem headquarters. “As a member of the Senate Intelligence Committee, I am fully aware of the threat cyberattacks pose and believe it is imperative that policymakers break down the barriers to information sharing that limit cyber defenses.”

The White House said Thursday that the hack was “a useful opportunity” to highlight the president’s legislative proposals on cybersecurity, unveiled in last month’s State of the Union address.

“There are some important steps that are included in that legislation that would improve the federal government’s response to situations like this, and would improve coordination between law enforcement authorities, private industry, and consumer advocates to ensure that all the necessary steps are taken,” press secretary Josh Earnest said.

Obama has also called for legislation that would standardize the patchwork of state laws governing how long companies have to inform individuals if their data has been compromised. Under the president’s proposal, retailers would need to report breaches within 30 days.

“There’s a lot of important work that needs to be done around this in the United States Congress,” Earnest said. “The good news is this is not an ideological kind of issue and that there are Republicans who have indicated that they also understand just how serious this is.”

The FBI said Anthem “promptly” notified law enforcement officials after discovering the breach last week. The bureau is investigating the incident.

“Cyber crime remains a significant threat and the FBI will continue to devote substantial resources and efforts to bringing cyber criminals to justice,” an FBI official said. 

This story was updated at 1:59 p.m.

Justin Sink contributed.