The top tech story over the last few days is certainly the announcement that health care provider Anthem, the largest for-profit managed health care company in the Blue Cross and Blue Shield Association, was the target of a massive data breach. All told, personal information on over 80 million customers has been leaked to an as of yet unknown attacker, making this easily one of the industries largest breaches.
A hastily put together website, anthemfacts.com, attempts to downplay the importance of the attack by saying in large letters at the top of the page there’s no sign that credit card and medical information have been compromised. That makes for a great quote, but reading the full text of the page reveals the true enormity of the situation:
“Anthem was the target of a very sophisticated external cyber attack. These attackers gained unauthorized access to Anthem’s IT system and have obtained personal information from our current and former members such as their names, birthdays, medical IDs/social security numbers, street addresses, email addresses and employment information, including income data.”
So while their customers credit card numbers may be safe, attackers seem to have made off with nearly every other important piece of information about their lives. Losing this much data, about this many customers, is absolutely huge. While customer data breaches seem to be becoming something of a monthly tradition as of late, they usually just include credit card numbers and maybe names; after all, most of these breaches have been at retailers.
Calls for Accountability
Demands that companies be held liable for loss of data in situations like this is nothing new and are unlikely to go away anytime soon with so much fuel being heaped onto the fire. This breach is yet another example of the increasingly sophisticated attacks being leveled against large corporations in an effort to smuggle out personal information. Given the gravely important nature of the data these companies hold on their customers, and the tenacity of those trying to steal said data, many believe government oversight of IT security processes is a necessary evil.
While it’ll still be some time before we know if the government will directly step in on this case, we’re already seeing some individuals taking action. Bloomberg reports that a woman in California has already stepped forward with a lawsuit against Anthem, citing their failure to properly secure customer data.