The cyberattack on Anthem, one of the nation’s largest health insurers, points to the vulnerability of health care companies, which security specialists say are behind other industries in protecting sensitive personal information.
Experts said the information was vulnerable because Anthem did not take steps, like protecting the data in its computers though encryption, in the same way it protected medical information that was sent or shared outside of the database.
The hackers gained access to up to 80 million records that included Social Security numbers, birthdays, addresses, email and employment information and income data for customers and employees, including its own chief executive.
Anthem officials say they do not know who is behind the attack, but several security consultants have noted that in the past Chinese hackers have shown an interest in going after health care companies. A securities industry consultant who requested anonymity because the investigation was continuing said there were suspicions the hackers might have been working with the backing of a foreign government, or with people with ties to a foreign government.
–
Stolen medical information could also be used to make false insurance claims.
“The value to a criminal of having a full set of medical information on a person can go for $40 to $50 on the street. By contrast, a credit card number is often worth $4 or $5,” Ms. Keefe said.
Nicole Perlroth contributed reporting.
A version of this article appears in print on February 6, 2015, on page B1 of the New York edition with the headline: A Vulnerable Industry. Order Reprints| Today’s Paper|Subscribe
