Liles Parker PLLC

Massive Anthem Data Breach

(February 5, 2015): A massive Anthem data breach has occurred. It is estimated that Anthem’s data breach may have exposed the account information for as many as 80 million members. “Anthem was the target of a very sophisticated external cyber attack,” Anthem president and CEO Joseph Swedish said in a statement posted on a website Anthem created for information about the incident.

The hackers gained access to the company’s IT system and account information that included patient names, birthdays, medical IDs / Social Security numbers, street addresses, e-mail addresses and employment information, including income data. The breach even included access to the personal information for Anthem’s own associates, including Mr. Swedish.

However, the Anthem data breach apparently did not involve any credit card or medical information (such as claims, test results, or diagnostic codes), otherwise known as protected health information (PHI). As a result, the breach does not appear to involve a Health Insurance Portability and Accountability Act (HIPAA) violation.

When the Anthem data breach was discovered, Anthem contacted law enforcement officials and the FBI. Anthem has also retained Mandiant, one of the world’s largest cybersecurity firms, to evaluate the insurer’s systems and identify solutions to mitigate against future breaches. According to Vitor De Souza, a spokesman for Mandiant, this breach would make it “the largest health care breach to date.”

Anthem has set up a website, www.anthemfacts.com, where its members can access information about the breach. The company has also provided a toll-free number, 877-263-7995, for current and former members to call. Anthem will also provide credit monitoring and identity protection services free of charge to those who have been affected by the breach.

HIPAA requires health care companies and providers to inform affected patients / consumers, as well as regulators, whenever the companies suffer a data breach that involves personally identifiable information. What is notable here, though, is that Anthem decided to publicly acknowledge the breach within a week of its discovery.

Moreover, Anthem is quite fortunate that the breach did not involve any PHI or HIPAA violations. HIPAA violations are quite expensive and the penalties for non-compliance can range from $100 to $50,000 per violation.

The latest breach is another indication that companies and providers of all sizes are vulnerable to attack. Even the nation’s second-largest health insurance company, presumably using an intricate IT protection system, is not completely safe from sophisticated and targeted attacks. While your practice may not be 100% safeguarded against such attacks, the best measure to ensure that you have the processes and procedures in place is to develop and implement an effective compliance program. An effective compliance program can protect your practice by detecting and preventing any improper conduct, including potential breaches of PHI. If you need help developing and implementing a compliance program for your practice, please feel free to call us today. We would be more than happy to assist you and help protect your clients’ sensitive health information.

Robert Saltaformaggio, Esq., serves as an Associate at Liles Parker, Attorneys & Counselors at Law. Liles Parker attorneys represent health care practices around the country in connection with Medicare, Medicaid and private payor audits. The firm also represents health care providers in connection with HIPAA Omnibus Rule risk assessments, privacy breach matters, State Licensure Board inquiries and regulatory compliance reviews. For a free consultation, call Robert at: 1 (800) 475-1906
