Anthem Hack Largest Health Care Data Breach Ever: Does the Health Care Industry Have a Target on its Back?

Monday, February 16, 2015
If you are in the health care industry, WAKE UP! You are absolutely, 100 percent a target for cyberthieves.

On February 4, 2015, Anthem, Inc., announced that it had been hacked by cyberthieves. The personal information of around 80 million customers and employees was exposed. If an attack like this can happen to one of the biggest health insurers in the United States, it can happen just as easily to small providers.

How Did Hackers Get into the Anthem System?

According to Becker's Hospital Review, it is believed that the hackers broke into Anthem's network by stealing the company's administrator's login credentials. The hackers allegedly got the credentials of five Anthem technology workers, and then used targeted phishing campaigns to trick network administrators into revealing login information, including a clickable a link that granted the hackers access to their computers. The data that was allegedly exposed included customers' names, social security numbers, contact information, salaries and more.

Click here to read the entire Becker's Hospital Review article.

Lawsuits Filed and More Could be Coming.

After the news broke of Anthem's hack, it didn't take long for the first consumer lawsuits to be filed. At least three Anthem customers, who said their data had been compromised, filed potential class action lawsuits. According to Fortune, the complaints allege that Anthem did not take appropriate measures to encrypt its customers' data. The plaintiffs are suing Anthem for alleged claims ranging from breach of contract to negligence and violations of data breach laws.

To read more on the Anthem hack, click here to read an article from Fortune.

Our Two Cents on the Hack.

During the summer of 2014, the Federal Bureau of Investigation (FBI) warned that the health care industry may be the new target of hackers. The medical industry collects an enormous amount of personal information from patients, which is incredibly valuable to hackers. For example, electronic health records (EHRs) can go for up to $1,300 on the black market.

It's time for health care facilities and owners to face the realities of modern cyber attacks. Protecting patient data is not a one-size-fits-all method, meaning that security measures and access to electronic records should not necessarily be uniform. Health care practices must be vigilant that when they integrate other medical practices and facilities into their organization that they extend these measures to incorporate new employees, new sites and locations, and various technologies.

Remember, Anthem has a very sophisticated IT organization that spends a huge amount of money on security. It doesn't matter how big or sophisticated you are or how much you spend on security - you're still susceptible to  breaches.

For more on protecting yourself and your business, click here for a blog I previously wrote.


Since the health care industry may be the new target of sophisticated hackers, what security measures do you think need to be taken in practices? In your opinion, is there a surefire way to protect patient information? Please leave any thoughtful comments below.

Contact Experienced Health Law Attorneys.

The Health Law Firm routinely represents physicians, pharmacists, pharmacies, optometrists, nurses and other health providers in investigations, regulatory matters, licensing issues, litigation, HIPAA complaints and violations, NPDB actions, inspections and audits involving the Drug Enforcement Administration (DEA), Federal Bureau of Investigation (FBI), Department of Health (DOH) and other law enforcement agencies. Its attorneys include those who are board certified by The Florida Bar in Health Law as well as licensed health professionals who are also attorneys.

To contact The Health Law Firm, please call (407) 331-6620 or (850) 439-1001 and visit our website at

About the Author: George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law. He is the President and Managing Partner of The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. The Health Law Firm, 1101 Douglas Ave., Altamonte Springs, FL 32714, Phone: (407) 331-6620.


Jayanthi, Akanksha. "Anthem Breach Stemmed from Weak Login Security." Becker's Hospital Review. (February 10, 2015). From:

Huddleston, Jr., Tom. "Anthem's Big Data Breach is Already Speakring Lawsuits." Fortune. (February 6, 2015). From:

Keywords: Anthem, insurance, insurer, data breach, encryption, cyber attack, encrypt data, breach of contract, violation of data breach laws, cyber hack, personal information, patient information, cyber security, securing patient data, how to protect patient information, defense attorney, defense lawyer, health law, HIPAA complaint lawyer, HIPAA privacy violation attorney, breach of privacy, medical records security, HIPAA defense attorney, confidential medical records, suit for breach of privacy, The Health Law Firm reviews

The Health Law Firm" is a registered fictitious business name of George F. Indest III, P.A. - The Health Law Firm, a Florida professional service corporation, since 1999.
Copyright © 1999-2015 The Health Law Firm. All rights reserved.
George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in the Legal Specialty of Health Law 2/16/2015

Like this blog? Add your public comments:

Items in bold indicate required information.