Anthem Insurance Cyber Attack
Lawsuit, Timeline and Details on BlueCross BlueShield
Anthem's massive data breach
Who was attacked?
Anthem is a managed healthcare company within the Blue Cross Blue Shield (BCBS) umbrella—in fact, it's the largest such company in the BCBS network. So, when it announced a major data breach in January 2015, it's no surprise that hundreds of thousands of policyholders were concerned. 
What allowed Anthem to come through the fire with little brand damage when other corporations didn't fare as well in similar circumstances? According to Anthem, the reason is simple: It followed its own protocols, which were planned in case a cybersecurity event occurred.
What happened - details and timeline:
Anthem originally reported that about 40 million records were compromised in the hack, but final numbers rose as high as around 80 million impacted customers. The compromised information spanned numerous business lines, such as Healthlink, Unicare, Amerigroup, and several Blue Cross Blue Shield plans. Anthem called the attack "very sophisticated," and reported that it compromised records including phone numbers, email addresses, social security numbers, addresses, dates of birth, and names.
How did Anthem respond to these cybercriminals?
While the breach may have occurred for weeks before it was discovered, Anthem has been commended for its fast action after discovery. Anthem states that it immediately began work to address security issues that led to the hack, and it contacted the FBI immediately as well.
Anthem, perhaps learning from its predecessors in cyber attack situations, also took consumer-facing steps; these steps are always beneficial to the customer and the brand. Anthem immediately began notifying its policyholders of the issues. Because it can take weeks to determine which records were compromised in any breach, Anthem first sent out a blanket email and hardcopy letter to all policyholders. The letters explained that a breach had occurred and noted that those directly impacted by the breach would be provided with further information.
Anthem also provided its customers with some basic identity theft protection services and offered customers who were impacted by the hack the option of enrolling in further protection on Anthem's dime. The organization continued to update its customers via letters, emails, and notices on its web portal.
Impact on the Anthem Stock Price:
In May, only about three months after Anthem first announced the hack, Wedbush Securities conducted a survey regarding consumer perception of insurance companies. The report indicated that 45 percent of individuals polled said that Anthem was a better company than similar insurers. Before the breach, that number was 51 percent, indicating only a slight drop in confidence after the cyber attack.
While its brand seems to be weathering the storm fairly well, Anthem certainly isn't without some woes related to the breach. In fines alone, the company could pay up to $16 billion. That accounts for up to $200 for every breached record.
Takeaways from Anthem's data breach include:
· Any organization that houses identifying information is at risk for a cyber attack—not just financial or retail enterprises.
· A pro-active approach to a cyber attack can make a difference in how the brand is impacted over time
· Planning now for a possible future attack prepares an organization to react appropriately.
 Abelson, Reed, and Matthew Goldstein. "Millions of Anthem Customers Targeted in Cyberattack." The New York Times. The New York Times, 04 Feb. 2015. Web. 03 July 2015.
Transcript of Speech on the Anthem Cyber Issue:
So the Anthem Insurance (BlueCross BlueShield) was a massive data breach because nearly 37.5 million medical records, data, patient data were stolen vis-a-vis the servers of Anthem, which is the Blue Cross Blue Shield conglomerate. That is what Anthem Insurance is collectively and I mean that represents millions of people in America. Almost one in a ten people have Blue Cross Blue Shield Insurance, so this is a massive population of people.
In February of 2015, Anthem announced that thirty-seven and a half million individuals’ data/private data had been stolen through their personal servers or the company servers. So, my guess is that, I believe, they came through phishing attacks on some of the employees of Anthem. So with a phishing attacker it is essentially installing malware on an employees computer when an employee clicks a link through their email, right. So when an employee gets an email from an outside party and these hackers, these cyber attackers send the email, the employee clicks the link within that email and then the email itself, they download something locally to their desktop and that becomes malware. That affects a variety of people and they probably targeted either the Chief Information Security Officer (CISO) or some higher-level employee, because getting access to such valuable information is pretty hard to do with this multi-billion dollar corporation.
So, once they announced the attack it turned out that there were more than thirty-seven and a half million people who are affected by Anthem Insurances' cyber attack, they estimate around eighty million people in all were affected. But what they have done, and I would have done this differently if I were running the company rather than the Chief Information Officer for Anthem, they slowly announced this, right. Because the SEC does not have defined rules yet, although I recommend that in our book Cyber Nation, the SEC and the, you know we have to do a better job coming up with rules to prescribe to these companies, right. But they told the FBI first, right, so they worked with the FBI for a little bit, the Federal Bureau of Information or Investigations. Once they worked with the FBI, the FBI then gave them a course of action, we do not have much more data other than the fact that we believe that they were attackers from abroad. But after working with the FBI they did announce this publicly, so they have offered some credit protection services and they are working with third parties. But I think that Anthem must work harder to protect Americans private data and their insurance data.
Companies should go to the FBI but I think they should take proactive measures prior to being attacked, use some of the companies we talk about in Cyber Nation. Work with private vendors before you have to go to the FBI, but as a consumer there was little you could do, right. I mean your information is stole and there is little repercussions on the company other than joining a class action lawsuit. But class action lawsuits take years upon years to resolve and you will probably never see a dime. Frankly your data is more valuable than the fifty or one hundred dollars you might get in the class action lawsuit.
So if people want to better understand cybersecurity, start ups and the enterprise companies that are defending America from cyber attacks they should learn about the venture capital and angel investing firm Angel Kings - as we invest capital in top cybersecurity companies.