Anthem data breach cost likely to smash $100 million barrier

The company's cyber insurance policy is likely to be exhausted following the theft of up to 80 million records.
Written by Charlie Osborne, Contributing Writer
The financial consequences of Anthem's massive data breach could reach beyond the $100 million mark, according to reports.

The US health insurance provider's cyber insurance policy, led by the American International Group, covers losses of up to $100 million. However, when a company has up to 80 million current and previous customers, staff and investors to contact, reassure and notify, this amount may not be enough.

Last week, Anthem confirmed a security breach which resulted in the exposure and theft of up to 80 million records. Using a stolen password, hackers were able to break into a database which contained the personal information of former and current clients, as well as employees.

According to Joseph Swedish, President and CEO of Anthem, the data stolen included client names, dates of birth, physical and email addresses, medical IDs and Social Security numbers. However, there is no current evidence to suggest financial information or medical data -- such as test results -- were taken.

Reports suggest the healthcare insurance provider did not encrypt the Social Security numbers contained in the database.

According to The Insurance Insider's sources, Anthem's cyber insurance policy -- written by AIG, Lexington, Safehold and Zurich, among others -- could be exhausted due to "the costs of notifying the affected customers." Anthem plans to notify every individual affected by the cyberattack, and has also provided a hotline for those with questions or queries. In addition, the publication says:

"It is understood that insurers that write Anthem's errors and omissions tower are also concerned that they could be exposed to losses resulting from the breach, although there is not thought to be a clear precedent for such claims."

See also: Anthem hack: Seven ways to protect yourself right now

Swedish called the data breach a "very sophisticated external cyberattack," and said Anthem "joins you in your concern and frustration, and I assure you that we are working around the clock to do everything we can to further secure your data."

Anthem is the second-largest US healthcare insurance provider. The company's data breach is being investigated by the FBI and FireEye's Mandiant cyberforensics team is working with Anthem to analyze the security failure.

Read on: In the world of security

Read on: Fixes and Flaws

Editorial standards