Hot on the heels of one of the largest pay-outs in data breach history (a cool $115m to cover the credit monitoring of some 79 million individuals), Anthem Inc – the number one provider of health insurance in America – has admitted to another haemorrhage of sensitive information on over 18,000 of its Medicare clients. The culprit this time is a rogue employee of LaunchPoint Ventures, a third party contractor who provides Anthem with consulting solutions.
In July 2016 the staffer emailed the personal details of 18,000 Anthem members, including Medicare ID, Social Security, Health Plan ID and Medicare contract numbers, to their personal mailbox. It took LaunchPoint several months to trace the leak but it eventually leapt into action – firing the employee, reaching out to victims and helping the police with their enquiries. It is as yet not known to what purpose the employee emailed themselves the details – whether it was for valid work reasons or for criminal purposes.
Anthem seems to be making a bit of a habit out of data breaches… not only was there the large 2015 incident, it also took a $1.7m data breach hit in 2010, back in the days when it was known as WellPoint. While this latest incursion is a mere ingrown toenail compared with the coronary thrombosis it suffered in 2015, the data security of Anthem and its contractors is looking decidedly peaky.