Contractor breach affects data of 18,500 Anthem members
Only one week after Anthem agreed to pay $115 million to victims of its massive February 2015 data breach that affected 78.8 million individuals, the company faces another data breach discovered by a contractor, this time affecting about 18,500 of Anthem’s Medicare members.
LaunchPoint Ventures, which provides insurance coordination services to Anthem, learned in April that an employee likely was involved in identity theft activities. The contractor then hired a forensic firm to assess suspicious incidents.
In late May, LaunchPoint learned that the employee may have accessed data of other LaunchPoint customers, in addition to that of Anthem. The investigation further determined that the employee emailed a file with information on Anthem members to his personal address in July 2016; the investigation could not determine if the employee had a legitimate work-related reason for doing so.
LaunchPoint says the employee has since been terminated and is now being held by law enforcement on charges that are unrelated to the Anthem breach.
In June, LaunchPoint was able to confirm that the Anthem data emailed by the employee contained protected health information of Anthem members. There is not yet evidence the information was misused. Compromised member information includes Medicare ID numbers including Social Security numbers, health plan ID numbers, Medicare contract numbers, dates of enrollment, and a limited number of last names and dates of birth.
LaunchPoint is now strengthening policies and protocols, and evaluating additional safeguards. The company is offering affected individuals two years of free credit monitoring and identity theft services with AllClear ID.
Anthem declined to comment on the incident, and executives did not say whether it will continue to use LaunchPoint’s services.