US Insurance Provider Cooperates With FBI After Customer Data Hack

WASHINGTON (Sputnik) — Health insurance provider Anthem Blue Cross and Blue Shield is cooperating with the Federal Bureau of Investigation (FBI) and has retained Mandiant, a private cybersecurity firm based in Alexandria, Virginia, to evaluate and improve its IT capabilities after hackers stole customer data, public relations director for Anthem Leslie Porras, told Sputnik Thursday.

“As soon as we learned about the attack, we immediately made every effort to close the security vulnerability, contacted the FBI, and began fully cooperating with their investigation,” Porras said. “Anthem has also retained Mandiant, one of the world’s leading security firms, to evaluate our systems, and identify solutions based on the evolving landscape.”

Hackers gained unauthorized access to one of Anthem’s IT systems, and obtained personal information relating to consumers and Anthem employees covered under Anthem’s healthcare policies, Porras said.

The stolen information includes names, birthdays, social security numbers, street addresses, email addresses, and employment information, which includes income data, Porras said. No credit card information was taken nor is there evidence that medical information like claims, test results, or diagnostic codes were targeted or obtained, Porras added.

On Wednesday, US chairman of the Committee on Homeland Security Michael McCaul, voiced concern about the Anthem cyberattack.

“This attack is another reminder of the persistent threats we face and the need for Congress to take aggressive action to remove legal barriers for sharing cyber threat information,” McCaul said. “I will lead this effort with other committees in the house and senate to ensure we move forward with greatly needed cybersecurity legislation as soon as possible.”

Anthem is notifying current and former members about whose information has been accessed, and credit monitoring and identity protection services will be provided to those members free of charge, so that those affected can have peace of mind, Porras said.

In 2014, health care companies were the highest breached industry by cyberattacks, according to a data theft study done by the Identity Theft Resource Center. In the past decade, health care companies were the second most breached by cyberattacks, with only businesses being the most breached, according to the study.