Confidential Customer Data Obtained In Anthem Hack Wasn’t Encrypted

It's bad enough when you're in possession of a database containing 80 million customer records and it gets hacked. But what's even worse than that is when you fail to encrypt all that data. Such is the unfortunate situation facing Anthem, the second largest healthcare provider in the U.S., and its tens of millions of customers who are potentially affected by a recent security breach.

Had Anthem encrypted its records, the stolen data might not be all that valuable to hackers, or at least more difficult to access. But the reason Anthem consciously chose not to encrypt all that data is so that it would be easier for employees to track healthcare trends and share information with states and health providers, according to "a person familiar with the matter," The Wall Street Journal reports.

Doctor
Image Source: Flickr (NEC)

Anthem gambled and lost in a big way. With so many records on file, it's believed to be the largest computer breach ever disclosed by a healthcare organization. It probably wasn't all that difficult, either -- while an investigation is ongoing, the likely scenario is that a hacker or hacking group simply stole an employee password to access the database, and then made off with tons of unencrypted records.

Investigators still haven't found any evidence that the stolen information has been passed along in underground markets. They also don't have a clear culprit, though they've began to look at possible links to a hacking group in China -- malware used in the attack has been used almost exclusively by Chinese hackers.

"We join you in your concern and frustration," Anthem CEO Joseph Swedish posted on the company’s website. "I assure you that we are working around the clock to do everything we can to further secure your data."

Show comments blog comments powered by Disqus