One year later, controversy still surrounds Anthem data breach

Last February, Anthem revealed that it suffered a massive cybersecurity breach, and a year later, the fallout from the incident continues to reverberate throughout the health insurance sector and in the industry at large.

Although the hack was just one in a slew of breaches at healthcare organizations--including those that hit fellow Blues brands Premera Blue Cross, Excellus BlueCross BlueShield and CareFirst--the Anthem hack's scale set it apart. It put about 80 million individuals' data at risk, including current and former customers, current employees and even Anthem's CEO, Joseph Swedish.

But Anthem, government officials and consumers disagree about the true impact of the breach, the New Hampshire-based Valley News reports.

"In working with the FBI, we have found no evidence that the cyber attackers have shared or sold any of our members' data," Colin Manning, a spokesman for Anthem Blue Cross and Blue Shield in New Hampshire, told the publication.

While the FBI did not respond to the paper's request for comment, an official from the New Hampshire Justice Department's Consumer Protection and Antitrust Bureau also said his office cannot tie fraud activity to the data breach. Some have also speculated the Chinese are actually behind the attack, hoping to use the data to better comprehend the U.S. healthcare system.

A pending class-action lawsuit against Anthem, though, contends that some consumers have already had their information used fraudulently because of the data breach. The plaintiffs blame the breach on Anthem's "grossly inadequate computer systems and data security practices," according to Valley News.

Anthem offered those affected by the breach free credit monitoring services for two years and a $1 million identity theft insurance policy from the firm AllClear ID, the article adds. Yet critics note the service only monitors credit actions through one of three major credit bureaus, saying a more effective solution is for consumers to request a "security freeze" from all three credit reporting firms.

The national Blue Cross Blue Shield Association, meanwhile, now offers all of its plans' 106 million members free identity protection.

The Anthem breach and other cyberattacks have led both the public and private sectors to take steps to address the growing threat. Yet a recent simulation, called the HITRUST CyberRX 2.0 Health Plan exercise, showed that many insurers still fall short in their preparedness and response efforts.

To learn more:
- read the Valley News article

Related Articles:
Anthem hack compromises info for 80 million customers
Blue Cross Blue Shield Association to offer identity protection services to all 106M members
Survey: 81 percent of C-suite execs have seen cyberattacks at their facilities
Simulation shows health plans must do more to prepare for cyberattacks
Officials say Chinese hacked Anthem to learn about U.S. healthcare
Anthem faces lawsuits over data breach