Only one week after Anthem accepted to pay $115 million to victims of its massive February 2015 data breach that impacted the 78.8 million people, the company confronts another data breach discovered by a contractor, this time affecting over 18,500 of Anthem Medicare members.
LaunchPoint Ventures, which gives insurance coordination services to Anthem, learned in the month of April that a worker likely was engaged in identity theft activities. The contractor then employed a forensic firm to assess suspicious incidents.
In the month of late May, LaunchPoint learned that the employee might have accessed data of other LaunchPoint customers, in addition to that of Anthem. The inquiry further determined that the worker emailed a file with information on Anthem members to his personal address in the month of July 2016; the inquiry couldn’t determine if the employee had a legitimate work-related reason for doing so.
LaunchPoint says the worker has since been terminated and is now being held by law enforcement on charges that are unrelated to the Anthem breach.
In June, LaunchPoint was capable to confirm that the Anthem data emailed by the worker contained protected health information of Anthem Medicare members. There is not yet evidence the data was misused. Compromised member information includes Medicare ID numbers including Social Security numbers, health plan ID numbers, Medicare contract numbers, dates of enrollment, and a restricted number of last names and dates of birth.
LaunchPoint is now reinforcing policies and protocols, and evaluating additional safeguards. The company is providing affected individuals 2 years of free credit monitoring and identity theft services with AllClear ID.
Anthem refused to comment on the incident, and executives didn’t say whether it will continue to use LaunchPoint’s services.