by Dan Kobialka • Aug 1, 2017
Anthem, the massive American health insurance plan provider, has suffered a data breach that exposed the personal health information (PHI) of more than 18,500 Anthem Medicare members, according to CNBC.
LaunchPoint Ventures, an Anthem healthcare consulting firm, in April discovered that one of its employees had been involved in identity theft, CNBC indicated. The employee emailed a file containing information about members’ Medicare ID numbers, Social Security numbers, health plan ID numbers, names and dates of enrollment to a personal address on July 8, 2016, Healthcare IT News reported.
LaunchPoint contacted the healthcare insurance provider about the data breach on June 14, and Anthem notified the U.S. Department of Health and Human Services about the breach on July 24, Anthem stated.
“Anthem had to work with LaunchPoint to determine if the information contained in the report corresponded to Anthem family health plan members,” Anthem Public Relations Director Gene Rodriguez told CNBC. “(We) had to ensure LaunchPoint had accurate address information in order to notify those impacted.”
The LaunchPoint employee responsible for the data breach has been terminated, the healthcare insurance provider noted, and is incarcerated on charges unrelated to the incident.
LaunchPoint is working with law enforcement and reexamining its existing security policies following the data breach, the company told Healthcare IT News. In addition, LaunchPoint and Anthem are contacting all affected individuals, and LaunchPoint is providing two years of free credit monitoring and identity theft restoration services.
Anthem in 2015 was victimized by a cyberattack that resulted in the theft of the personal information of 78.8 million people. The attack exposed Anthem members’ names, dates of birth, Social Security numbers and health care ID numbers, according to a prepared statement.
In June, the company agreed to pay $115 million as part of a class action settlement related to the data breach; the total represents the largest data breach settlement in history.
Data breaches are increasing in number and severity, according to a study of 330 IT professionals conducted by forensic security solutions provider Guidance Software.
The Guidance study indicated approximately 65 percent of organizations fell victim to malware-related breaches last year, and 25 percent said they suffered significant or minor direct financial losses due to a cyberattack or breach in the past 12 months.
Meanwhile, data leak prevention (DLP) technologies may help Anthem and other organizations stop data breaches, Rich Campagna, CEO of cloud access security broker (CASB) Bitglass, told MSSP Alert.
DLP technologies enable organizations to identify sensitive data and build controls around this information, Campagna said. That way, organizations can manage data access, Campagna noted, and reduce the risk of data breaches.