[LONDON] Health insurer Anthem Inc said hackers broke into a database containing personal information on about 80 million of its customers and employees, the Wall Street Journal reported.
Investigators are still determining the extent of the incursion that was discovered last week, and Anthem said it is likely that tens of millions of records were stolen, the Journal reported. Reuters could not immediately reach Anthem for comment.
The company told the Journal that the breach exposed names, birthdays, addresses and Social Security numbers but did not appear to involve medical information or financial details such as credit card or bank account numbers, nor were there signs the data was being sold on the black market. "This attack is another reminder of the persistent threats we face, and the need for Congress to take aggressive action to remove legal barriers for sharing cyber threat information,"US Rep Michael McCaul, a Republican from Texas and chairman of the Committee on Homeland Security, said in a statement late Wednesday.
The FBI had warned last August that healthcare industry companies are being targeted by hackers, publicizing the issue following an attack on US hospital group Community Health Systems Inc that resulted in the theft of millions of patient records.
Medical identity theft is often not immediately identified by patients or their provider, giving criminals years to milk such credentials. That makes medical data more valuable than credit cards, which tend to be quickly canceled by banks once fraud is detected.
Security experts say cyber criminals are increasingly targeting the US$3 trillion US healthcare industry, which has many companies still reliant on aging computer systems that do not use the latest security features.
Anthem, which detected the breach, said it would send a letter and email to everyone whose information was stored in the hacked database, the newspaper reported. It is also setting up an informational website and will offer to provide a credit-monitoring service.