On November 19, 2025, Anthem, Inc., a major health insurance provider, disclosed a severe data breach exposing personally identifiable information (PII) and protected health information (PHI) of at least 1,162 individuals in Massachusetts. The compromised data includes names, addresses, dates of birth, Social Security numbers, medical records, and driver’s license numbers—high-value targets for identity theft, financial fraud, and blackmail.The breach’s gravity stems from the sensitivity and volume of exposed data, combining PII (e.g., SSNs, driver’s licenses) with PHI (medical records), significantly elevating risks for affected individuals. Such data can fuel medical identity theft, insurance fraud, or extortion, while the inclusion of government-issued identifiers (SSNs) enables long-term identity exploitation.Anthem’s response remains under investigation, but typical protocols involve regulatory notifications, victim outreach (e.g., letters), and credit monitoring offers. The incident underscores critical vulnerabilities in healthcare data security, where breaches of this nature often trigger legal repercussions, reputational damage, and erosion of customer trust. The ongoing probe may reveal further scope, but the confirmed exposure already poses substantial financial, operational, and personal harm risks to victims and the organization.

The California Office of the Attorney General reported that Anthem Blue Cross experienced a data breach on May 7, 2022, affecting personal and protected health information (PHI) of individuals. The breach, which involved unauthorized access to data from a vendor, was reported on September 28, 2022.

The California Office of the Attorney General disclosed a data breach at Anthem Blue Cross, where unauthorized access to its member portal occurred between October 1, 2021, and October 14, 2021. The incident exposed sensitive personal information of affected individuals, including names, dates of birth, addresses, email addresses, phone numbers, and healthcare identification numbers. While the breach did not involve financial data or medical records, the exposure of personally identifiable information (PII) poses risks such as identity theft, phishing attacks, and fraudulent activities targeting the victims. The breach was officially reported on November 24, 2021, highlighting a delay in detection and disclosure. As a healthcare provider, Anthem Blue Cross handles vast amounts of sensitive customer data, making this incident particularly concerning due to the potential for long-term reputational damage and regulatory scrutiny under laws like HIPAA (Health Insurance Portability and Accountability Act). The lack of evidence suggesting ransomware or a broader systemic attack narrows the scope to unauthorized data access, but the scale of exposed records underscores the severity of the incident.

The biggest health insurance provider in the US, Anthem, has agreed to pay $115 million to resolve a class-action lawsuit resulting from the 2015 data breach. Experts who looked into the matter concluded that the attack on Anthem, which revealed 78.8 million records, was most likely a slow, covert information theft that took place over several months rather than a typical smash-and-grab operation. Using a bot infection to steal data from the corporation, the attack was carried out in order to evade detection by the IT and security staff. Names, birth dates, residences, and medical ID numbers are included in the data; financial and health information was kept private.

The second-biggest health insurer in the country, Anthem, recently experienced a data breach that was examined by experts at the security company Check Point. The first indications of the attack, according to statements made public by Anthem, appeared in the middle of last week when an IT administrator discovered a database query was being executed using his identifying code even though he had not started it. After concluding that an attack had taken place, the corporation notified the FBI and engaged a third-party security consultant to conduct an investigation. Investigators have revealed that Anthem's networks were breached and data was stolen using specially designed malware. Although the precise malware type is unknown, it is said to be a variation of a well-known family of hacking tools.

The California Office of the Attorney General reported a data breach involving Anthem Blue Cross on November 20, 2013. The breach occurred due to a PDF document posted on the Anthem website from October 23, 2013, until October 24, 2013, which erroneously displayed provider Tax Identification Numbers. The affected information included names, business addresses, and potentially Social Security Numbers, although it was stated that there was no reason to believe the Social Security Numbers had been compromised.