Anthem Breach Exposed Personal Data of Up to 80 Million Health Plan Members
Anthem disclosed that attackers breached its systems and stole personal information tied to as many as 80 million current and former members and employees, making the incident one of the largest healthcare data breaches on record. The company said a sophisticated external attack exposed names, birth dates, medical or member IDs, Social Security numbers, street addresses, email addresses, phone numbers, and employment and income information across multiple Anthem brands, including Anthem Blue Cross, Empire Blue Cross and Blue Shield, Amerigroup, Caremore, Unicare, Healthlink, and DeCare. Anthem said there was no evidence that credit card data or medical records such as claims, test results, or diagnostic codes were taken.
The insurer said it discovered the intrusion, notified the FBI, hired Mandiant to conduct a forensic investigation, and planned to offer affected individuals free credit monitoring and identity protection services. Reporting said the compromised database was not encrypted at rest and that investigators were examining whether the attackers used stolen administrator credentials, with some scrutiny falling on possible links to Chinese cyberespionage activity. The breach also underscored a broader surge in attacks on healthcare organizations, where rich stores of personally identifiable information had made the sector an increasingly attractive target for cybercriminals.

How this story unfolded
6 events from the most recent confirmed update back to the earliest known activity.
State attorneys general and FBI investigate Anthem breach
Following the breach disclosure, multiple U.S. state attorneys general opened investigations and the FBI continued its inquiry. Reporting also said investigators were examining possible links to China and tools associated with Chinese cyberespionage groups.
Anthem says affected customer data was not encrypted at rest
Subsequent reporting said the breached Anthem database was not encrypted at rest and that attackers had bypassed security protocols by compromising an administrator's credentials. Anthem argued HIPAA did not specifically require encryption and said other controls had been in place.
Anthem publicly discloses breach affecting about 80 million people
On February 4, 2015, Anthem disclosed that attackers accessed a database containing records for roughly 80 million current and former members and employees. Exposed data included names, birth dates, medical IDs or Social Security numbers, addresses, email addresses, and employment and income information, while Anthem said no credit card or medical claims data appeared compromised.
Anthem discovers major cyberattack and notifies the FBI
Anthem said it discovered a sophisticated external cyberattack against its systems and notified law enforcement, including the FBI. The company also retained Mandiant to investigate and assess its systems.
More than 10 million affected by healthcare breaches in 2014
According to the U.S. Department of Health and Human Services as cited by the Boston Globe, more than 10 million people were affected by healthcare data breaches in the prior year. The article frames this as part of a broader rise in cybercrime targeting the healthcare sector.
Healthcare breaches affect more than 11 million people in 2011
The Boston Globe reference says 2011 had been the worst year for healthcare hacking up to that point, with more than 11 million people affected. This provides earlier sector context for the later Anthem incident.
Sources
5 references tracked.
Hackers mine for gold in medical records - The Boston Globe (bostonglobe.com)
Anthem Hacking Points to Security Vulnerability of Health Care Industry - The New York Times (nytimes.com)
Health Insurer Anthem Struck By Massive Data Breach (forbes.com)
[no-title] (usatoday.com)
Anthem's stolen customer data not encrypted - CNET (cnet.com)


