New blow for massive health insurance company.
The largest healthcare coverage provider in the US has a little bit of a security problem, as evidenced by their announcement this week. Those not directly connected to the company might have heard the name in the news recently, as Anthem Inc., reached a settlement agreement in June stemming from a 2015 data breach. That single event exposed the personal identifiable information for more than 78 million of its health insurance customers, and Anthem’s payout to affected customers came to a record-setting $115 million.
Only weeks later, Anthem had to disclose a second data breach, this one affecting a decidedly smaller pool of individuals. A little more than 18,000 Anthem customers who are also enrolled in Medicare had their highly sensitive personal data accessed by an unauthorized employee, who then emailed their records to his personal email address. This individual was not actually an Anthem employee, but worked for LaunchPoint Ventures, one of the third-party vendors associated with Anthem.
Foot the bill
This recent breach, reported to the authorities on July 24, actually took place in 2016. In an epic show of karmic justice, the employee in question is already incarcerated and serving time for a completely unrelated crime. LaunchPoint has agreed to foot the bill for two years’ worth of credit monitoring for the affected Anthem customers, but the identity theft damage has likely already been done. While this event is technically not Anthem’s fault, it is yet another example of the rampant and invasive nature of personal big data gathering, along with a lax approach to how it is stored and accessed.
This event adds to a growing list that is compiled each year by the Identity Theft Resource Center, who has just issued its 2017 mid-year data breach report. Sadly, 2017 is on track to break all previous records for yearly data breach numbers; if the pace continues, there will be an estimated 1,500 data breaches this year, which is a 37% increase over last year.