�鶹Ů��

Anthem Inc., the country’s second-biggest health insurer, said hackers broke into a database containing personal information for about 80 million of its customers and employees in what is likely to be the largest data breach disclosed by a health-care company. Investigators are still determining the extent of the incursion, which was discovered last week, and Anthem said it is likely that “tens of millions” of records were stolen. The health insurer said the breach exposed names, birthdays, addresses and Social Security numbers but doesn’t appear to involve medical information or financial details such as credit-card or bank-account numbers, nor are there signs the data are being sold on the black market. (Wilde Mathews and Yadron, 2/4)

Anthem, one of the nation’s largest health insurers, said late Wednesday that the personal information of tens of millions of its customers and employees, including its chief executive, was the subject of a “very sophisticated external cyberattack.” The company, which is continuing its investigation into the exact scope of the attack, said hackers were able to breach a database that contained as many as 80 million records of current and former customers, as well as employees. (Abelson and Goldstein, 2/5)

Anthem has more than 37 million members in California and 13 other states. But the company warned that it also had information in its database on other Blue Cross Blue Shield patients from all 50 states who had sought care in its coverage area. Suspicious activity was first noticed and reported Jan. 27. Two days later, an internal investigation verified that the company was a victim of a cyberattack, the company said. The unauthorized access to the vast database goes back to Dec. 10. (Terhune and Parker, 2/4)

[Joseph R. Swedish, president and chief executive of the Indianapolis-based company] said the company would individually notify everyone whose information has been accessed and would provide credit monitoring and identity protection free-of-charge. The company referred customers to a dedicated Web site for further information. (Barbash, 2/5)

Because no actual medical information appears to have been stolen, the breach would not come under HIPAA rules, the 1996 Health Insurance Portability and Accountability Act, which governs the confidentiality and security of medical information. No credit card information was obtained, the company said in a statement e-mailed to USA TODAY. The hackers were probably not interested in medical information about Anthem's customers, said Tim Eades, CEO of computer security firm vArmour in Mountain View, Calif. (Weise, 2/5)

The Indianapolis-based insurer said credit card information wasn’t compromised, and it has yet to find evidence that medical information such as insurance claims and test results was targeted or obtained. It was still trying to determine exactly how many people were affected. A spokeswoman said the insurer was working with federal investigators to figure out who was behind the attack. (2/5)

In California, where Anthem offers Blue Cross Blue Shield plans, spokesman Darrel Ng said that as soon as the insurer learned about the attack, every effort was made to "close the security vulnerability." The FBI has also been contacted, Ng said, and the company and the agency are working together in the investigation. Anthem Inc. has also retained Mandiant, one of the world's leading cybersecurity firms, to evaluate its systems and identify solutions to prevent further security breaches. (Nelson, 2/4)

U.S. Rep. Michael McCaul, R-Texas, chairman of the Committee on Homeland Security, released a statement following the hack on Anthem, saying it illustrated why stronger cybersecurity laws are needed. "This attack is another reminder of the persistent threats we face, and the need for Congress to take aggressive action to remove legal barriers for sharing cyber threat information," said McCaul. "I will lead this effort with other committees in the house and senate to ensure we move forward with greatly needed cybersecurity legislation as soon as possible." (Williams, 2/4)

The attack is the latest in series of hacks targeting high-profile corporations. Previous victims have included retailers like Target and Home Depot, banks like J.P. Morgan & Chase and entertainment conglomerate Sony Pictures. Anthem said it had detected the breach itself and would notify affected customers via letter and e-mail. The insurer said it would also set up a information website and offer a credit-monitoring service. The early public disclosure is a departure from the tactics of previous victims like Target, which was heavily criticized for not reporting breaches soon enough. (2/5)