Safety and Security

Anthem Data Breach Garners $16M Fine


The nation’s second-largest health insurer will pay the government a record $16 million due to a data breach and cyberattack that exposed the customer data of nearly 80 million people.

The settlement between Anthem Insurance and the Department of Health and Human Services represents the largest amount collected by the agency in a health care data breach.

“The largest health data breach in U.S. history fully merits the largest HIPAA settlement in history,” OCR Director Roger Severino said in a press release. “Unfortunately, Anthem failed to implement appropriate measures for detecting hackers who had gained access to their system to harvest passwords and steal people’s private information.”

“We know that large health care entities are attractive targets for hackers, which is why they are expected to have strong password policies and to monitor and respond to security incidents in a timely fashion or risk enforcement by OCR,” he added.

The breach, discovered by the company in 2015, exposed names, birthdates, Social Security numbers and medical IDs. In 2017, it was reported that an extensive nationwide investigation into the breach is confident that a foreign government likely contracted a hacker to launch the attack on the insurance giant.

“In this case, our examination team concluded with a significant degree of confidence that the cyber attacker was acting on behalf of a foreign government,” Dave Jones, a state insurance commissioner from California, said in a statement.

The investigation also stated that the attack began back in February 2014, though it wasn’t discovered until January 2015. One user at an Anthem subsidiary opened a phishing email that eventually gave the hacker access to Anthem’s entire data warehouse.

In a statement, Anthem said it’s not aware of any fraud or identity theft stemming from the breach. The company provided credit monitoring and identity theft insurance to all customers potentially affected.

“Anthem takes the security of its data and the personal information of consumers very seriously,” the statement said, according to the Associated Press. “We have cooperated with (the government) throughout their review and have now reached a mutually acceptable resolution.”



Digital transformation has been forcefully accelerated, but how does that agility translate into the fight against COVID-era attacks and sophisticated identity threats? As millions embrace online everything, preserving digital trust now falls mostly on banks and FIs. Now, advances in identity data and using different weights on the payment mix afford new opportunities to arm organizations and their customers against cyberthreats. From the latest in machine learning for fraud and risk, to corporate treasury teams working in new ways with new datasets, learn from experts how digital identity, together with advances like real-time payments, combine to engender trust and enrich relationships.