In February 2015, Anthem, one of the largest health insurance companies in the U.S., suffered a data breach that led to the exposure of personal information of nearly 78.8 million people. The compromised data included names, dates of birth, Social Security numbers, addresses, and income data.
The breach began with a sophisticated spear-phishing email campaign that successfully gained initial access to Anthem’s systems. Following this, the breach was carried out using advanced custom malware, ultimately leading to the exfiltration of a large amount of sensitive personal data.
Following the breach, Anthem offered credit monitoring and identity protection services to affected customers. The company also worked closely with law enforcement agencies in their investigation and improved its security infrastructure to prevent such incidents in the future.
The Anthem breach remains one of the most significant data breaches within the healthcare sector and serves as a stark reminder of the importance of robust and proactive cybersecurity measures.