Things haven't been easy for the health insurance industry of late, especially in terms of complying with government mandates. Now, a recent event might bring more scrutiny down upon them, as one of the nation's biggest insurers recently had its data stolen in a hacking attack, leaving millions of people exposed.
Anthem - the second-largest health insurance provider in the U.S. - suffered a data breach earlier this year, which left a huge number of people with their information exposed, according to a report from Reuters. Anywhere between 8.8 million and 18.8 million people who aren't even customers of the company had their information viewed and possibly taken by an unauthorized party via a database hack, and another 60 million to 70 million of its own customers may have been exposed as well. Of that number, about 14 million records were incomplete. For its part, Anthem says the data was outright stolen.
Altogether, the network of health insurers - of which the database was a part - that involves many Blue Cross Blue Shield providers has a total of 105 million clients covered by 37 companies, the report said. Anthem runs BCBS plans in 14 states nationwide. As a result, state and federal authorities are conducting investigations into the breach, even while Anthem pursues its own.
What was taken?
A spokesperson for the insurer told Reuters that the data that was probably accessed is significant, the report said. The information includes names, dates of birth, member ID numbers, Social Security numbers, home addresses, phone numbers, email addresses, and employment data. The company has not yet started alerting consumers who might have been affected by the breach, but says it plans to offer them a slew of credit protection options, including identity theft repair, credit monitoring, insurance, and fraud detection services. The likelihood is that the people who took the data plan to sell it online.
This could have major implications for the health insurance industry as a whole, and not just because Anthem is so involved with other major insurers. It could, for example, lead to tougher regulations on the way health insurance providers protect and monitor the large amount of sensitive data they store, and also how they notify affected individuals when and if that information is ever exposed in a hacking attack, regardless of its scale.