Anthem data breach could expose personal data of thousands

Anthem data breach could expose personal data of thousands | Insurance Business

Anthem data breach could expose personal data of thousands
Over 18,000 Anthem Medicare enrollees’ personal health information has been potentially exposed after a former employee of LaunchPoint Ventures – one of Anthem’s healthcare consulting firms – sent data to a personal email.

LaunchPoint discovered on April 12 that one of its employees “was likely involved in identity theft-related activities,” a company release said. The firm then hired a forensic team to investigate. On May 28, LaunchPoint then discovered that the employee has emailed a file with information about Anthem companies’ members to his personal email on July 8, 2016.

Celebrate excellence in insurance. Nominate a worthy colleague for the Insurance Business Awards!

Anthem was later notified of the breach by LaunchPoint on June 14. According to LaunchPoint, the file the employee sent included the Protected Health Information of certain Anthem members, which include their Medicare ID numbers, Social Security numbers, Health Plan ID numbers, Medicare contract numbers, and dates of enrollment. The firm is in the process of contacting those whose information has been compromised.

Potentially, more than 18,500 Anthem Medicare members’ Social Security and Medicare identification data may have been exposed as a result of the breach. An Anthem spokesperson said that the company had reported the breach to the Department of Health and Human Services on July 24, the same day LaunchPoint notified healthcare members of the risk.

“Anthem had to work with LaunchPoint to determine if the information contained in the report corresponded to Anthem family health plan members,” Anthem public relations director Gene Rodriguez told CNBC, explaining why it took the company time to report the breach.

“[We] had to ensure LaunchPoint had accurate address information in order to notify those impacted.”

Anthem said that the contractor attached to the data breach has been “terminated” and is incarcerated on charges unrelated to the information theft. The company also said that LaunchPoint is reexamining its security safeguards.

CNBC reported that individuals whose information was exposed due to the leak will be offered free credit monitoring and identity theft restoration services for two years.


Related stories:
Is your company’s data safe from a rogue employee?
Anthem hunts for next deal after mega merger collapse