The Anthem security breach of 2015 was one of the most concerning information breaches in recent years, not least because it gave the cybercriminals who perpetuated the crime access to very sensitive data regarding millions of US citizens.
In February of 2015, a company called Anthem, who was previously known as WellPoint, announced that its customer database had been breached. This was very concerning because Anthem is the 2nd biggest health insurer in the United States.
A spokesperson for the company revealed that personal details including social security numbers, dates of birth, names, addresses, and work histories had been stolen from its system, and since this is all the information needed to commit identity theft, customers of Anthem were obviously very worried.
How many records were accessed?
According to the company, between 69 and 80 million may have had their data compromised in this breach.
How it happened?
Someone used the credentials of a database administrator at the company to access the personal data of its clients, by installing malware on the system. This was not noticed until the database administrator noticed an unusual query being run with their credentials.
It is believed that much of the data that was stored in Anthem’s databases may not have been fully encrypted, making the job of the hackers who breached the system much simpler. However, due to the fact they were using HIPAA technology, even if the data was encrypted, due to the fact the hackers had total access to the system, it is debatable how useful this would have been in this particular case.
What’s happened since?
The Anthem breach proved to be a wake-up call for the health insurance industry, which has realised that it must do more to ensure that data is kept secure, with encryption being one of the first things it has started to implement more widely.