This time, the data breach affected 18,500 members and their protected health information (PHI).
According to the media alert, the Anthem breach was caused by a contractor emailing a file containing a member’s personal information to his personal email address in July 2016.
On July 24th, Anthem reported the breach to the United States Department of Health and Human Services.
On April 12th of 2017, LaunchPoint Ventures LLC, a contractor working with Anthem, discovered that one of their employees was involved in identity theft activities. LaunchPoint then hired a forensic firm to investigate the matter.
The investigation determined that the employee had sent an email containing the PHI of 18,500 Anthem members to their personal email.
The investigation is still ongoing and it is unclear whether the email was work related or not.
The type of information that was in the target file included medical information such as the member’s Medicare ID number, social security number, birthdates, names, and date of enrollment.
LaunchPoint informed Anthem that it was not sure whether the information was misused or not. Additionally, the employee that committed the act has been terminated by LaunchPoint and is currently incarcerated.
This is incredibly bad timing for Anthem. The health insurer recently just settled the largest data breach settlement in history for the 2015 cyber attack that affected nearly 80 million records.
Although this particular breach affected a smaller number of people, it highlights a weakness for insurance companies using third party contractors due to the lack of control in their behavior.
To combat this weakness, covered entities and business associates must take more proactive measures to protect their consumer’s PHI. A great example of protection services for this is implementing Data Loss Prevention (DLP).
With DLP, you can make sure that no sensitive information (such as credit card information, credit monitoring, health plans, or health care ids) will be leaked via email without prior approval or knowledge, as well as other additional substantial benefits.
This information security is crucial in this age of frequent cyber attacks and data breaches, as seen with LaunchPoint and Anthem. You can never be too careful when it comes to data security and identity protection services.