Anthem Hacked – US Health Insurance Provider Leaks 70 Million Records



Anthem Hacked! Everyone is screaming, I was like WTF is Anthem? Turns out it’s part of the 2nd largest health insurance provider in the US (Wellpoint) after United Healthcare – so it’s a pretty big deal with an estimated 70 Million people on its books.


Of course according to them, “Anthem was the target of a very sophisticated external cyber attack” – yah, probably just a phishing e-mail or something right?

Hackers have invaded the servers of Anthem, a health insurer used by tens of millions of Americans, and stolen social security numbers, employment records, personal contact details and more. A veritable treasure trove for identity thieves.

Anthem, the US’s second biggest health insurer with about 70 million people on its books across the country, admitted late on Wednesday, Pacific time, that it has been comprehensively ransacked by criminals. Tens of millions of records are likely to have been obtained illegally as a result of the hack, Anthem warned.

If your plan is branded Anthem Blue Cross; Anthem Blue Cross and Blue Shield; Blue Cross and Blue Shield of Georgia; Empire Blue Cross and Blue Shield; Amerigroup; Caremore; Unicare; Healthlink; or DeCare, you are at risk – your data may have been taken by thieves.

Former Anthem customers are just as affected, we’re told. Jackpot.

The health giant, based in Indianapolis, has hired infosec biz Mandiant to work out which customers have had their files accessed. According to this official FAQ, “no diagnosis or treatment data was exposed” nor any credit card information.

It is not clear when the company’s databases were infiltrated nor precisely when the compromise was detected – just that it was discovered some time last week. Staff with high-level access to the IT systems have had their passwords reset, and those using single-factor authentication locked out, we’re told.

People whose records were slurped by the hackers will be warned by mail in the following days. Anthem is offering free credit and identity-theft monitoring cover to those hit by the network security breach.


If the statement by Anthem is true, though, it’s not THAT bad for them, as they haven’t lost any payment details (credit card numbers etc.) or any medical records. But identity-theft-wise it’s quite bad, as they’ve lost names, social security numbers, addresses, contact details and so on.

As usual, there are no details on what actually went down. Was this really a hack? A database compromise? Deep system access? Or access via a vendor or a disgruntled employee? Not sure if we’ll ever get to learn more – but it’s happened.

As yet, no one is saying publicly who is behind the attack nor how they managed to infiltrate Anthem’s networks. The insurer says it is “doing everything it can to ensure there is no further vulnerability to its database warehouses.”

Register staff are among those at risk: Anthem Blue Cross is our healthcare insurer in California. Tonight, we received this email from Anthem CEO Joseph Swedish:

Anthem Blue Cross was the target of a very sophisticated external cyber attack. These attackers gained unauthorized access to Anthem’s IT system and have obtained personal information from our current and former members such as their names, birthdays, medical IDs/social security numbers, street addresses, email addresses and employment information, including income data.

Based on what we know now, there is no evidence that credit card or medical information (such as claims, test results or diagnostic codes) were targeted or compromised.

“Anthem’s own associates’ personal information – including my own – was accessed during this security breach. We join you in your concern and frustration, and I assure you that we are working around the clock to do everything we can to further secure your data,” the chief exec added.

“I want to personally apologize to each of you for what has happened, as I know you expect us to protect your information.”

Indeed we did. Popping a huge healthcare insurer was only a matter of time: the data will be worth a pretty penny, and all of it sitting there, conveniently in one place, just waiting to be seized.

They have set up a dedicated website, http://www.anthemfacts.com/ (which doesn’t even have a TITLE tag), for some info, or you can call 1-877-263-7995. The FBI is already investigating. Maybe it was the Koreans?

We shall keep our ears open for developments on this as it’s a BIG leak – it’d be great to get some technical details of what went down.

Source: The Register

Posted in: Privacy, Web Hacking




One Response to Anthem Hacked – US Health Insurance Provider Leaks 70 Million Records

  1. Sandeep February 9, 2015 at 9:52 pm #

    Fingers are being pointed at Deep Panda too.