Anthem Breach

About

The Anthem data breach, disclosed on February 4, 2015, was one of the largest healthcare data breaches in U.S. history. It exposed the personal data of approximately 78.8 million current and past customers, including Social Security numbers, names, dates of birth, medical IDs, street addresses, phone numbers, and email addresses. The breach did not involve medical information or financial data like credit card numbers. Anthem discovered the unauthorized access when a database administrator noticed his credentials being used without permission, leading to an immediate shutdown of database access and a mandatory password reset for all employees. An investigation by Anthem and law enforcement agencies, including the FBI, revealed that the breach likely began with phishing emails sent to employees. Chinese hackers were later linked to the breach. Anthem provided free credit monitoring services to affected individuals and settled civil lawsuits for $115 million. The breach highlighted significant cybersecurity vulnerabilities and led to a $16 million settlement with the Department of Health and Human Services. It underscored the importance of robust cybersecurity measures in the healthcare sector to protect sensitive personal data.