The financial consequences of Anthem's massive data breach could reach beyond the $100 million mark, according to reports.
The US health insurance provider's cyber insurance policy, led by the American International Group, covers losses of up to $100 million. However, when a company has up to 80 million current and previous customers, staff and investors to contact, reassure and notify, this amount may not be enough.
Last week, Anthem confirmed a security breach which resulted in the exposure and theft of up to 80 million records. Using a stolen password, hackers were able to break into a database which contained the personal information of former and current clients, as well as employees.
According to Joseph Swedish, President and CEO of Anthem, the data stolen included client names, dates of birth, physical and email addresses, medical IDs and Social Security numbers. However, there is no current evidence to suggest financial information or medical data -- such as test results -- were taken.
Reports suggest the healthcare insurance provider did not encrypt the Social Security numbers contained in the database.
According to The Insurance Insider's sources, Anthem's cyber insurance policy -- written by AIG, Lexington, Safehold and Zurich, among others -- could be exhausted due to "the costs of notifying the affected customers." Anthem plans to notify every individual affected by the cyberattack, and has also provided a hotline for those with questions or queries. In addition, the publication says:
"It is understood that insurers that write Anthem's errors and omissions tower are also concerned that they could be exposed to losses resulting from the breach, although there is not thought to be a clear precedent for such claims."
Swedish called the data breach a "very sophisticated external cyberattack," and said Anthem "joins you in your concern and frustration, and I assure you that we are working around the clock to do everything we can to further secure your data."
Anthem is the second-largest US healthcare insurance provider. The company's data breach is being investigated by the FBI and FireEye's Mandiant cyberforensics team is working with Anthem to analyze the security failure.
Read on: In the world of security
- Anonymous targets ISIS social media, recruitment drives in #OpISIS campaign
- Poor security left Anthem customer records exposed
- Verizon rushes fix for email account open season security flaw
- Sony executive Amy Pascal steps down following cyberattack, email exposure
- Facebook funds GNU Privacy Guard development
Read on: Fixes and Flaws