Health insurer Anthem has agreed to another multimillion-dollar settlement over a cyberattack on its technology that exposed the personal information of nearly 79 million people. The attack exposed information that included names, birthdates, Social Security numbers and medical IDs.
Hackers used a common email technique called spear-phishing in which unwitting company insiders are tricked into revealing usernames and passwords. The Anthem attackers gained the credentials of system administrators, allowing them to probe deeply into the insurer’s systems.
The Blue Cross-Blue Shield insurer said it will pay $39.5 million to settle an investigation by a group of state attorneys general. The company also agreed nearly two years ago with the U.S. Department of Health and Human Services to pay $16 million to settle possible privacy violations.
Indianapolis-based Anthem Inc. provides coverage to more than 42 million people in several states, including key markets like California and New York. The company discovered the data breach in early 2015 after hackers had been burrowing into its systems for weeks. Security experts said at the time that the size and scope of the attack indicated potential involvement by a foreign government. Last year, a federal grand jury indicted two members of a hacking group operating from China in the attack.
Spear-fishing attacks like these are not limited to large corporations like Anthem. These attacks happen on all levels – including small businesses. 91% of cyberattacks start with an email and 43% of all cyberattacks target small businesses. Layers of security are the only answer and we can help you be prepared to prevent these attacks on your business. Contact us at 502.267.2552 to learn more.