Anthem Blue Cross and Blue Shield Company Cyber Security Posture
anthem.comAt Anthem Blue Cross and Blue Shield we understand our health connects us to each other. What we all do impacts those around us. So Anthem is dedicated to delivering better care to our members, providing greater value to our customers and helping improve the health of our communities. Independent licensees of the Blue Cross and Blue Shield Association. ANTHEM is a registered trademark of Anthem Insurance Companies, Inc. Products vary by state. Learn more about our plans and legal information at www.anthem.com
ABCBS Company Details
anthembcbs
10579 employees
151058.0
524
Insurance
anthem.com
Scan still pending
ANT_2377097
In-progress
ABCBS Risk Score (AI oriented)Between 900 and 1000
This score is AI-generated and less favored by cyber insurers, who prefer the TPRM score.
ABCBS Global Score.png)
Anthem Blue Cross and Blue Shield Company Scoring based on AI Models
| Model Name | Date | Description | Current Score Difference | Score |
|---|---|---|---|---|
| AVERAGE-Industry | 03-12-2025 | This score represents the average cybersecurity rating of companies already scanned within the same industry. It provides a benchmark to compare an individual company's security posture against its industry peers. | N/A | Between 900 and 1000 |
Anthem Blue Cross and Blue Shield Company Cyber Security News & History
| Entity | Type | Severity | Impact | Seen | Url ID | Details | View |
|---|---|---|---|---|---|---|---|
| Anthem Blue Cross and Blue Shield | Breach | 50 | 2 | 02/2015 | ANT125101123 | Link | |
Rankiteo Explanation : Attack limited on finance or reputationDescription: The second-biggest health insurer in the country, Anthem, recently experienced a data breach that was examined by experts at the security company Check Point. The first indications of the attack, according to statements made public by Anthem, appeared in the middle of last week when an IT administrator discovered a database query was being executed using his identifying code even though he had not started it. After concluding that an attack had taken place, the corporation notified the FBI and engaged a third-party security consultant to conduct an investigation. Investigators have revealed that Anthem's networks were breached and data was stolen using specially designed malware. Although the precise malware type is unknown, it is said to be a variation of a well-known family of hacking tools. | |||||||
| Anthem Blue Cross and Blue Shield | Data Leak | 85 | 3 | 06/2017 | ANT2114251123 | Link | |
Rankiteo Explanation : Attack with significant impact with internal employee data leaksDescription: The biggest health insurance provider in the US, Anthem, has agreed to pay $115 million to resolve a class-action lawsuit resulting from the 2015 data breach. Experts who looked into the matter concluded that the attack on Anthem, which revealed 78.8 million records, was most likely a slow, covert information theft that took place over several months rather than a typical smash-and-grab operation. Using a bot infection to steal data from the corporation, the attack was carried out in order to evade detection by the IT and security staff. Names, birth dates, residences, and medical ID numbers are included in the data; financial and health information was kept private. | |||||||
| Anthem Blue Cross | Breach | 85 | 4 | 5/2022 | ANT451072525 | Link | |
Rankiteo Explanation : Attack with significant impact with customers data leaksDescription: The California Office of the Attorney General reported that Anthem Blue Cross experienced a data breach on May 7, 2022, affecting personal and protected health information (PHI) of individuals. The breach, which involved unauthorized access to data from a vendor, was reported on September 28, 2022. | |||||||
| Anthem Blue Cross | Breach | 50 | 2 | 10/2013 | ANT626072725 | Link | |
Rankiteo Explanation : Attack limited on finance or reputationDescription: The California Office of the Attorney General reported a data breach involving Anthem Blue Cross on November 20, 2013. The breach occurred due to a PDF document posted on the Anthem website from October 23, 2013, until October 24, 2013, which erroneously displayed provider Tax Identification Numbers. The affected information included names, business addresses, and potentially Social Security Numbers, although it was stated that there was no reason to believe the Social Security Numbers had been compromised. | |||||||
Anthem Blue Cross and Blue Shield Company Subsidiaries
At Anthem Blue Cross and Blue Shield we understand our health connects us to each other. What we all do impacts those around us. So Anthem is dedicated to delivering better care to our members, providing greater value to our customers and helping improve the health of our communities. Independent licensees of the Blue Cross and Blue Shield Association. ANTHEM is a registered trademark of Anthem Insurance Companies, Inc. Products vary by state. Learn more about our plans and legal information at www.anthem.com
Access Data Using Our API
Get company history
Rapid.png)
ABCBS Cyber Security News
Healthcare Data Breach Statistics
Healthcare data breach statistics from 2009 to 2024 in the United States, HIPAA violation statistics, and fines and penalties.
Anthem Blue Cross Blue Shieldโs Anesthesia Policy Reversed After Outrage
The company told Forbes there had been โsignificant widespread misinformationโ about the policy and as a result they are not proceeding withย ...
Insurance Companies Need Strong Security Policies - and Technology
Many insurance companies are offering coverage for data breaches, and indeed a growing number of organizations are purchasing this type of insurance asย ...
Are health hackers the new cyber security threat?
โWe know of multiple threat groups operating out of China that have engaged in attacks in the healthcare industry,โ said Charles Carmakal, anย ...
Cyberattack on insurance giant disrupting business for doctors, therapists
It's all part of the fallout from a cyberattack that a week ago hit Change Healthcare, a unit of health IT giant UnitedHealth that processesย ...
The Healthcare Industry is lagging behind on Cybersecurity
The healthcare industry ranks fifteenth in terms of cybersecurity health when compared to 17 other major U. S. industries. The healthcareย ...
Millions of Anthem Customers Targeted in Cyberattack (Published 2015)
Hackers were able to breach a database that contained as many as 80 million records of current and former customers, as well as employees.
Anthem hack is only tip of the iceberg for Medicare customers
Making Sen$e Medicare Maven Philip Moeller weighs in on the Anthem hack, warning readers about subsequent online fraud efforts trying toย ...
Premera Blue Cross pays 2nd-largest HIPAA fine for 2014 breach
The hackers used a phishing email to install malware that gave them access to Premera's IT system. OCR's investigation found systemicย ...
ABCBS Similar Companies
Zurich Insurance
Zurich Insurance Group (Zurich) is a leading global multi-line insurer founded more than 150 years ago, which has grown into a business serving more than 75 million customers in more than 200 countries and territories, while delivering industry-leading total shareholder returns. Our customers includ
Chubb
Chubb is a world leader in insurance. With operations in 54 countries and territories, Chubb provides commercial and personal property and casualty insurance, personal accident and supplemental health insurance, reinsurance and life insurance to a diverse group of clients. As an underwriting company
Marsh
We help our clients and colleagues grow โ and our communities thrive โ by protecting and promoting Possibility. We seek better ways to manage risk and define more effective paths to the right outcome. We go beyond risk to rewards for our clients, our company, our colleagues, and the communities in w
SBI Life Insurance Co. Ltd.
SBI Life Insurance (โSBI Lifeโ / โThe Companyโ), one of the most trusted life insurance companies in India, was incorporated in October 2000 and is registered with the Insurance Regulatory and Development Authority of India (IRDAI) in March 2001. Serving millions of families across India, SBI Li
China Life Insurance Co.Ltd
China Life Insurance (Group) Company, headquartered in Beijing, is a large state-owned financial and insurance company. Its predecessor,PICC was founded in 1949 and the PICC (Life) Co.,Ltd was set up in 1996 after its separation from the former PICC. In 1999, it was renamed China Life Insurance Comp
Manulife
Manulife is a leading international financial services group that helps people make their decisions easier and lives better. With our global headquarters in Toronto, we operate as Manulife across our offices in Canada, Asia, and Europe, and primarily as John Hancock in the United States. We have mor
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
ABCBS CyberSecurity History Information
How many cyber incidents has ABCBS faced?
Total Incidents: According to Rankiteo, ABCBS has faced 4 incidents in the past.
What types of cybersecurity incidents have occurred at ABCBS?
Incident Types: The types of cybersecurity incidents that have occurred include Breach and Data Leak.
What was the total financial impact of these incidents on ABCBS?
Total Financial Loss: The total financial loss from these incidents is estimated to be $115 million.
How does ABCBS detect and respond to cybersecurity incidents?
Detection and Response: The company detects and responds to cybersecurity incidents through an third party assistance with check point and law enforcement notified with fbi.
Incident Details
Can you provide details on each incident?
Incident : Data Breach
Title: Anthem Blue Cross Data Breach
Description: A data breach involving Anthem Blue Cross occurred due to a PDF document posted on the Anthem website that erroneously displayed provider Tax Identification Numbers.
Date Detected: 2013-11-20
Date Publicly Disclosed: 2013-11-20
Type: Data Breach
Attack Vector: Improper Data Handling
Vulnerability Exploited: Public Exposure of Sensitive Information
Incident : Data Breach
Title: Anthem Blue Cross Data Breach
Description: The California Office of the Attorney General reported that Anthem Blue Cross experienced a data breach on May 7, 2022, affecting personal and protected health information (PHI) of individuals. The breach, which involved unauthorized access to data from a vendor, was reported on September 28, 2022.
Date Detected: 2022-05-07
Date Publicly Disclosed: 2022-09-28
Type: Data Breach
Attack Vector: Unauthorized Access
Incident : Data Breach
Title: Anthem Data Breach
Description: The biggest health insurance provider in the US, Anthem, has agreed to pay $115 million to resolve a class-action lawsuit resulting from the 2015 data breach. Experts who looked into the matter concluded that the attack on Anthem, which revealed 78.8 million records, was most likely a slow, covert information theft that took place over several months rather than a typical smash-and-grab operation. Using a bot infection to steal data from the corporation, the attack was carried out in order to evade detection by the IT and security staff. Names, birth dates, residences, and medical ID numbers are included in the data; financial and health information was kept private.
Type: Data Breach
Attack Vector: Bot Infection
Motivation: Data Theft
Incident : Data Breach
Title: Anthem Data Breach
Description: The second-biggest health insurer in the country, Anthem, recently experienced a data breach that was examined by experts at the security company Check Point.
Date Detected: Middle of last week
Type: Data Breach
Attack Vector: Malware
What are the most common types of attacks the company has faced?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident?
Incident : Data Breach ANT626072725
Data Compromised: Provider Tax Identification Numbers, Names, Business Addresses, Potentially Social Security Numbers
Incident : Data Breach ANT451072525
Data Compromised: Personal Information, Protected Health Information (PHI)
Incident : Data Breach ANT2114251123
Financial Loss: $115 million
Data Compromised: Names, Birth Dates, Residences, Medical ID Numbers
What is the average financial loss per incident?
Average Financial Loss: The average financial loss per incident is $28.75 million.
What types of data are most commonly compromised in incidents?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Provider Tax Identification Numbers, Names, Business Addresses, Potentially Social Security Numbers, Personal Information, Protected Health Information (PHI) and Personally Identifiable Information.
Which entities were affected by each incident?
Incident : Data Breach ANT626072725
Entity Type: Health Insurance Provider
Industry: Healthcare
Location: California
Incident : Data Breach ANT451072525
Entity Type: Health Insurance Provider
Industry: Healthcare
Location: California
Incident : Data Breach ANT2114251123
Entity Type: Health Insurance Provider
Industry: Healthcare
Location: US
Size: Large
Customers Affected: 78.8 million
Response to the Incidents
What measures were taken in response to each incident?
How does the company involve third-party assistance in incident response?
Third-Party Assistance: The company involves third-party assistance in incident response through Check Point.
Data Breach Information
What type of data was compromised in each breach?
Incident : Data Breach ANT626072725
Type of Data Compromised: Provider Tax Identification Numbers, Names, Business Addresses, Potentially Social Security Numbers
Sensitivity of Data: High
File Types Exposed: PDF
Personally Identifiable Information: Names, Business Addresses, Potentially Social Security Numbers
Incident : Data Breach ANT451072525
Type of Data Compromised: Personal Information, Protected Health Information (PHI)
Sensitivity of Data: High
Personally Identifiable Information: True
Incident : Data Breach ANT2114251123
Type of Data Compromised: Personally Identifiable Information
Number of Records Exposed: 78.8 million
Sensitivity of Data: High
Personally Identifiable Information: Names, Birth Dates, Residences, Medical ID Numbers
Incident : Data Breach ANT125101123
Data Exfiltration: True
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident?
Incident : Data Breach ANT2114251123
Legal Actions: Class-action lawsuit
How does the company ensure compliance with regulatory requirements?
Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through Class-action lawsuit.
References
Where can I find more information about each incident?
Incident : Data Breach ANT626072725
Source: California Office of the Attorney General
Date Accessed: 2013-11-20
Incident : Data Breach ANT451072525
Source: California Office of the Attorney General
Date Accessed: 2022-09-28
Incident : Data Breach ANT125101123
Source: Anthem
Where can stakeholders find additional resources on cybersecurity best practices?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: California Office of the Attorney GeneralDate Accessed: 2013-11-20, and Source: California Office of the Attorney GeneralDate Accessed: 2022-09-28, and Source: Anthem.
Post-Incident Analysis
What is the company's process for conducting post-incident analysis?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Check Point.
Additional Questions
Incident Details
What was the most recent incident detected?
Most Recent Incident Detected: The most recent incident detected was on 2013-11-20.
What was the most recent incident publicly disclosed?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2013-11-20.
Impact of the Incidents
What was the highest financial loss from an incident?
Highest Financial Loss: The highest financial loss from an incident was $115 million.
What was the most significant data compromised in an incident?
Most Significant Data Compromised: The most significant data compromised in an incident were Provider Tax Identification Numbers, Names, Business Addresses, Potentially Social Security Numbers, Personal Information, Protected Health Information (PHI), Names, Birth Dates, Residences, Medical ID Numbers and .
What was the most significant system affected in an incident?
Most Significant System Affected: The most significant system affected in an incident was Databases.
Response to the Incidents
What third-party assistance was involved in the most recent incident?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was Check Point.
Data Breach Information
What was the most sensitive data compromised in a breach?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Provider Tax Identification Numbers, Names, Business Addresses, Potentially Social Security Numbers, Personal Information, Protected Health Information (PHI), Names, Birth Dates, Residences, Medical ID Numbers and .
What was the number of records exposed in the most significant breach?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 78.8M.
Regulatory Compliance
What was the most significant legal action taken for a regulatory violation?
Most Significant Legal Action: The most significant legal action taken for a regulatory violation was Class-action lawsuit.
References
What is the most recent source of information about an incident?
Most Recent Source: The most recent source of information about an incident are California Office of the Attorney General, California Office of the Attorney General and Anthem.
What Do We Measure?
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
