Millions of people are potentially at risk after a major data breach on insurance company, Anthem. The company says a cyber-attack breached a database containing the information of about 80 million customers and employees.
Anthem runs Blue Cross Blue Shield plans in more than a dozen states, including Nevada. While credit card and medical information does not appear to be compromised, hackers were able to access and likely steal tens of millions of records including social security numbers, birth dates and addresses. Anthem says it does not yet know the entire scope of the attack, but is notifying the people affected and the FBI is now investigating.
We talked with Tony Rucci with Ghost Systems. He says in the past few days, cyber-attacks haven't just happened with Anthem, but a few other health companies as well. “Prince Albert Parkland Health region, they had 12 records that were compromised. Riverside County Regional Medical Center had almost 8,000 records that were compromised. Memorial Healthcare had 14,000 records,” said Rucci.
Rucci has been working in the security industry for more than 30 years, including two decades working with the U.S. government's Counterintelligence Office. He explains why health insurance companies are such a big target. “In the healthcare industry, you have a lot more information. You have not only credit card information associated with it, but they have personal identifiable information or what we call the P.I.I. and your medical records information,” said Rucci. That information is worth a lot and can be uploaded and sold to criminals within 48 hours. “Healthcare records actually in the underground are much more valuable than financial records,” said Rucci. The "underground" is known as the black market for data records. “When credit cards are compromised, those records go for pennies to a few dollars. Healthcare records go for upwards $5 to $10, even $15,” said Rucci.
Tony tells us *how hackers pull it off..."One of the easiest ways to compromise somebody's account is through social engineering. They call them up and say hey, I'm from IT support and we're just trying to get your account all set up." Another way people can hack is by “spear-fishing,” when thousands of spam emails are sent to a company. “I can send out an email to 1,000 people in organizations and if I can get one person to click on that link, game over,” said Rucci.
A data breach isn't the only thing you need to worry about. There are secondary attacks through email, where in this case, hackers can pretend to be Anthem.
Dependents on health plans are also at risk. Hackers can sell the information to create fake bank accounts, open credit cards or make fake drivers licenses from children who may not even have those things.
The best way to protect yourself and your family is to be aware of the threats, monitor your credit cards, don't click on links in emails – instead go to the trusted website and change your passwords.
Anthem is reaching out to customers and offering credit monitoring and identity protection services for members who have been affected.
To see a list of recently hacked companies, click here:
http://datalossdb.org/
