fb-pixel Skip to main content

Nearly 1 million in Mass. affected by Anthem data breach

Hackers accessed personal information about nearly 1 million Massachusetts consumers during a recent data breach at Anthem Inc., the national health insurance company said Tuesday.

Anthem said 967,000 people living in Massachusetts were affected. They include current and former members of Anthem, as well as members of Blue Cross and Blue Shield plans who used their insurance in a state where Anthem operated over the last decade.

Indianapolis-based Anthem runs Blue Cross and Blue Shield plans in 14 states. Blue Cross Blue Shield of Massachusetts operates separately.

Nationwide, Anthem believes hackers accessed information on about 78.8 million people, including, names, Social Security numbers, dates of birth, contact information, and employment information.


The company said no credit card information, banking information, or confidential health information was compromised.

Blue Cross Blue Shield of Massachusetts said 375,000 of its members were affected, but that most of them live in another state, working for employers based in Massachusetts.

“A representative from Blue Cross Blue Shield of Massachusetts will personally call the very small fraction of those members who also had their Social Security numbers accessed,” the insurer said in a statement.

Millions of other consumers across New England were also affected by the breach, according to Anthem.

They include 1.7 million in Connecticut, 531,000 in Maine, and 668,000 in New Hampshire, three states where Anthem operates health plans.

In Vermont, 72,000 were affected, and in Rhode Island, 79,000.

Anthem said it discovered the “very sophisticated external cyberattack” on Jan. 29.

It has notified some customers by e-mail and will start mailing notices to others next week.

“Every one of these individuals, these 78.8 million members, will be notified directly,” said Kristin Binns, an Anthem spokeswoman.

The company, formerly known as WellPoint, said it would provide free credit monitoring and identity protection services to customers whose data were compromised.


It has set up a website — www. anthemfacts.com — with more information .

“Members who have been impacted, we encourage them to visit that site,” Binns said. “The hope is that would give members some peace of mind.”

Anthem is working with the Federal Bureau of Investigation and cybersecurity specialists to determine how the attack occurred.

Its breach is the biggest in the health care industry since Chinese hackers stole Social Security numbers, names, and addresses from 4.5 million patients of Community Health Systems Inc., the second-biggest for-profit hospital chain, last year.

The attack is on a similar scale to hacks of customer data from Target Corp. and Home Depot Inc.

The Target breach affected 950,000 people in Massachusetts, according to the state Office of Consumer Affairs and Business Regulation.

They were among 1.2 million people in Massachusetts whose personal and financial data were compromised in 2013, as cybercrime became more sophisticated and more common.

New York financial giant JPMorgan Chase & Co. and Framingham-based office supplier Staples Inc. have also been targets of cyberattacks.

The number of US data breaches tracked in 2014 hit a record high of 783, according to a recent report from the Identity Theft Resource Center, a San Diego organization that monitors cybercrime.

Breaches in the health care industry represented more than 42 percent of all those identified in 2014.

Information from Bloomberg News was used in this report. Priyanka Dayal McCluskey can be reached at priyanka.mccluskey@globe.com. Follow her on Twitter @priyanka_dayal.