Insider Theft at Anthem Results in 18,500 Members Having Their Data Breached
"LaunchPoint learned that some other, non-Anthem data, may have been misused by the employee."
Insurance giant Anthem is once again reporting that they have suffered a data breach. The cause this time seems to have been one of Anthem's very own employee.
The rogue employee sent 18,500 member records to their private email account. The revelation came on April 17, 2017 when Anthem's coordination firm, LaunchPoint Ventures, learned that one of their employees was "likely involved in identity theft related activities." A forensic firm was hired to investigate the situation and discovered that the worker had misused another company's data and had emailed them-self membership records to an external email on July 8, 2016.
"On May 28, 2017, LaunchPoint learned that some other, non-Anthem data, may have been misused by the employee. LaunchPoint then learned the employee emailed a file with information about Anthem companies’ members to his personal email address on July 8, 2016. This action violated LaunchPoint’s policies. The investigation is on-going. LaunchPoint does not know if the email was related to a legitimate work purpose."
All members that have been affected by the breach have been contacted and are being offered support in the form of free credit monitoring services for 2 years with AllClear ID.
"On June 12, 2017, LaunchPoint confirmed the file included the Protected Health Information (“PHI”) of Anthem members and reported the incident to Anthem on June 14, 2017. LaunchPoint does not have any information to suggest that the data on the file was misused.
The personal information on the file primarily included Medicare ID numbers (HICN) which includes a Social Security number, Health Plan ID numbers (HCID), Medicare contract numbers, and dates of enrollment. A very limited number of last names and dates of birth were also included. LaunchPoint is in the process of contacting these individuals."
In an open letter to the media Anthem informs that "LaunchPoint has terminated the employee, hired a forensic expert to investigate, and is working with law enforcement. The employee has been incarcerated and is under investigation by law enforcement for matters unrelated to the e-mailed Anthem file. LaunchPoint is reinforcing existing policies and protocols and is evaluating additional safeguards to prevent any similar incidents from occurring in the future."
In 2015 Anthem was also involved in a data breach in which almost 80 million records were stolen. Anthem had agreed earlier this year to settle in a class action lawsuit for a record breaking $115 million.