The incident occurred in July 2016, and Anthem began notifying members of the breach last week.
LaunchPoint Ventures, which coordinates Medicare services for Anthem, discovered in April 2017 that one of its employees had breached Anthem members’ information. The employee—who has been fired and is currently being investigated for another, unrelated matter—sent himself a file with 18,580 members’ last names, birthdates, Medicare ID numbers, health plan ID numbers, names and enrollment dates.
The breach disclosure comes a month after Anthem settled a class-action suit over a 2015 data breach for $115 million. In that incident, hackers took the personal information of nearly 80 million employees and members. The settlement was the largest ever in a data-breach case.
Both Anthem and LaunchPoint are notifying those affected, and LaunchPoint is offering two years of free credit monitoring and identify theft restoration. Anthem reported the breach to HHS’ Office for Civil Rights on July 24, and the breach is now one of 173 listed for the year, up 270% from the same period last year.
Anthem issued a statement outlining the particulars of the breach, but the company did not comment further. LaunchPoint was not immediately available for comment.
Related content
Rachel Arndt joined Modern Healthcare in 2017 as a general assignment reporter. Her work has appeared in Popular Mechanics, Quartz, Fast Company, and elsewhere. She has MFAs in nonfiction and poetry from the University of Iowa and a bachelor’s degree from Brown.