An Anthem vendor recently suffered a data breach that could affect 18,580 Medicare members. The company known as LaunchPoint Ventures, LLC (LaunchPoint) is a Medicare insurance coordination services vendor. It came to know that one of its employees “was likely involved in identity theft related activities.”
LaunchPoint also found out that “some other non-Anthem data may have been misused by the employee”. The person emailed file containing PHI. The investigation about the emails is going on.
Affected information included Medicare ID numbers (which includes a Social Security number), health plan ID numbers, Medicare contract numbers, dates of enrollment, and limited numbers of last names and dates of birth.
“LaunchPoint terminated the employee, hired a forensic expert to investigate, and is working with law enforcement,” read Anthem’s online statement. “The employee is in prison and is under investigation by law enforcement for matters unrelated to the e-mailed Anthem file.”
Two years of credit monitoring and identity theft restoration services will be provided to the affected individuals.
The data breach is second largest for Anthem in the last two years. Previous breach involves hackers infiltrating an Anthem data base which affected names, dates of birth, medical IDs or Social Security numbers, street addresses, and email addresses.
Anthem CEO Joseph Swedish mentioned that it was sophisticated attack.
A California Department of Insurance report found out the attack originated from outside country.
“This was one of the largest cyber hacks of an insurance company’s customer data,” Insurance Commissioner Dave Jones said in a statement. “Insurers have an obligation to make sure consumers’ health and financial information is protected. Insurance commissioners required Anthem to take a series of steps to improve its cybersecurity and provide credit protection for consumers affected by the breach.”
Anthem took efforts to secure the data.
“Opening the email permitted the download of malicious files to the user’s computer and allowed hackers to gain remote access to that computer and at least 90 other systems within the Anthem enterprise, including Anthem’s data warehouse,” the Department stated.
____________________________________________________________________________________________
Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.