The nation’s second largest health insurance provider has fallen victim to a cyber attack. Anthem (formerly known as WellPoint) said as many as 80 million personal records may have been compromised as a result of a breach that took place last week according to a report from The Wall Street Journal.
A statement on the company’s website notes that attackers obtained personal information from current and former members including names, birthdays, medical IDs, social security numbers, street addresses, e-mail addresses, employment information and income data.
Based on early analysis, Anthem said there is no evidence that credit or debit card, bank account or medical information was targeted or compromised in the attack.
The company said it will be contacting members and former members affected by the breach and will also provide credit monitoring and identity protection services free of charge.
The Journal points out that companies dealing in health care have up to 60 days after the discovery of an attack involving personally identifiable information to report it to consumers and regulators. Anthem’s decision to go public with the matter much sooner than that could signal a changing attitude when it comes to disclosure.
Anthem is still gathering all the facts and working with authorities but this could go down as one of the larger data breaches in recent memory and quite possibly the largest involving a health care company.