The 2015 cyberattack at Anthem is by far one of the largest data breaches to date. As a result, Anthem recently agreed to pay $16 million to the Federal government. Modern Healthcare brought this interesting information to our attention in their article, “Anthem to pay $16M in record data breach settlement.”

The data breach affected nearly 79 million people. Hackers stole the names, birth dates, Social Security numbers, home addresses and other personal information in the 2015 cyberattack. As part of the settlement, Anthem agreed to a corrective action plan where it will conduct a risk analysis and fix any deficiencies, in addition to $115 million to settle a class action lawsuit.

Anthem did not admit liability for the incident. Attackers managed to infiltrate the organization through spear-phishing emails sent to a subsidiary, obtaining names, social security numbers, medical identification numbers, addresses, dates of birth, email addresses, and employment information. It is said that Anthem failed to have adequately tightened access controls. They will conduct an enterprise-wide risk analysis, regularly review system activity and put in place effective incident detection and response capabilities.

Melody K. Smith

Sponsored by Data Harmony, a unit of Access Innovations, the world leader in indexing and making content findable.