The Most Worrisome Part of the Anthem Hack
Thieves could rack up charges, alter medical records
By Rob Quinn,  Newser Staff
Posted Feb 5, 2015 11:15 PM CST
Updated Feb 6, 2015 6:49 AM CST
A pedestrian walks past the corporate headquarters of health insurer Anthem, formerly known as WellPoint, in Indianapolis.   (AP Photo/Darron Cummings)
camera-icon View 1 more image

(Newser) – Health insurer Anthem says medical data and credit card details were not taken in a huge data breach, but analysts warn that the stolen medical ID numbers could be an even bigger headache for customers. Identity thieves could use the numbers to rack up their own medical charges—and in the process, alter medical records, which could cause potentially life-threatening mix-ups. "It's like an unlimited credit card that gets you 'free' access to expensive services and drugs," the CEO of ID Experts tells NBC. "Everyone thinks about credit cards and bank accounts, but medical identity theft can be much more damaging and extremely hard to fix." He advises people worried about medical ID theft to scrutinize every statement their insurers send very carefully for suspicious items. More:

  • The Wall Street Journal reports that Anthem stored Social Security numbers unencrypted within its own database (encryption occurred only as info exited or entered it). Encryption isn't a federal requirement, and as the Journal puts it, encryption may have made the data a little less useful to Anthem; for instance, it would have added a level of difficulty to analyzing health trends.
  • Anthem has set up a website to address customer concerns, but even with the free identity-theft protection the company is offering, privacy experts warn that people affected by the biggest health-care data breach on record could face problems for years to come, reports the Indianapolis Star. "This could very well be a lifelong battle either for myself or any of my children," says one Anthem customer.
  • In California, where Anthem is leading a controversial effort to build a database of millions of medical records, patient advocates worried about security are now calling for a boycott of the California Integrated Data Exchange, the Los Angeles Times reports.
Security experts say there are strong indications that China was behind the Anthem cyberattack.