The financial consequences of Anthem's massive data breach could reach beyond the $100 million mark, according to reports.
The US health-insurance provider's own cyberinsurance policy covers losses of up to $100 million. However, when a company has up to 80 million current customers, former customers, employees and investors to notify, this amount may not be enough.
Last week, Anthem confirmed a security breach that resulted in the exposure and theft of up to 80 million records. Using a stolen password, hackers were able to break into a database that contained the personal information of former and current customers, as well as employees.
According to Anthem CEO Joseph Swedish, the data stolen included client names, dates of birth, physical and email addresses, medical IDs and Social Security numbers. However, the company has said, there is no current evidence to suggest financial information or medical data -- such as test results -- were taken.
Some reports have suggested that the health-insurance provider did not encrypt the Social Security numbers contained in the database.
According to industry news site Insurance Insider's sources, Anthem's cyberinsurance policy -- written by AIG, Lexington, Safehold and Zurich, among others -- could be exhausted due to the "costs of notifying the affected customers." Anthem plans to notify every individual affected by the cyberattack and has also provided a hotline for those with question.
Swedish has called the data breach a "very sophisticated external cyberattack."
Anthem is the second-largest US health-insurance provider. The FBI is investigating the breach, and FireEye's Mandiant cyberforensics team is working with Anthem to analyze the security failure.
Until December, Anthem was known as WellPoint. Anthem is among the 40 US companies that make up the Blue Cross Blue Shield Association.