Anthem hack may have involved millions who aren’t customers


Social Security numbers, names and addresses for millions of people who aren’t customers of Anthem Inc. may have been breached in a massive cyberattack disclosed by the health insurer earlier this month.

Anthem, which runs Blue Cross and Blue Shield plans in 14 states, believes information on 78.8 million people was accessed by hackers. Of those, about 60 million to 70 million were customers of the Indianapolis-based insurer, spokeswoman Kristin Binns said in an e-mailed statement Tuesday.

The remainder includes millions of people who aren’t Anthem members, but used their Blue Cross or Blue Shield insurance in states, including Texas and Florida, where Anthem operates partnerships. Binns said it was too soon to put an exact number on how many non-members were affected.

Anthem said Feb. 4 that personal information of its customers and employees had been breached by hackers. The company still doesn’t believe that any financial or confidential health information was accessed.

Anthem, formerly known as WellPoint, said it would provide free credit monitoring and identity protection services to customers whose data was compromised.

The Anthem breach is the biggest in the health-care industry since Chinese hackers stole Social Security numbers, names and address from 4.5 million patients of Community Health Systems Inc., the second-biggest for-profit hospital chain, last year. The attack is on a similar scale to hacks of customer data from Target Corp. and Home Depot Inc. last year, in terms of the number of people affected.

Please enable JavaScript to view this content.

Editor's note: IBJ is now using a new comment system. Your Disqus account will no longer work on the IBJ site. Instead, you can leave a comment on stories by signing in to your IBJ account. If you have not registered, please sign up for a free account now. Past comments are not currently showing up on stories, but they will be added in the coming weeks. Please note our updated comment policy that will govern how comments are moderated.