Anthem Inc., the second-biggest U.S. health insurer, said it’s going to take about 10 to 14 days to figure out who was affected by a data breach and begin notifying those people.
The individuals will get letters in the mail and may receive e-mails as well, said Kristin Binns, a spokeswoman for Indianapolis-based Anthem. The costs to deal with the breach won’t hurt this year’s earnings outlook, in part because the company has its own insurance to cover such incidents, she said.
Notifications “will happen as quickly as we can get them out,” Binns said.
Anthem said late yesterday that information such as names, addresses, medical IDs and social security numbers of as many as 80 million people was exposed by a cyber-attack on the company’s system. Employee information was also exposed, including that of Chief Executive Officer Joseph Swedish. The insurer identified the attack in the middle of last week, notified the Federal Bureau of Investigation and hired a cybersecurity firm before publicly disclosing the breach.
“I want to personally apologize to each of you for what has happened, as I know you expect us to protect your information,” Swedish wrote in a letter that was posted on a company website and sent to about 3 million people who’ve opted to get e-mails from the insurer. “We will continue to do everything in our power to make our systems and security processes better and more secure, and hope that we can earn back your trust and confidence.”
Anthem, formerly known as WellPoint, said it would provide free credit monitoring and identity protection services to customers whose data was compromised. Chris Clonts, an Anthem customer in Los Angeles, said he doesn’t want to wait to find out whether his information was taken by hackers.
“What if my data gets sold and there’s three Chris Clonts all of a sudden between now and three weeks from now?” he said by phone. “It just seems that that part of their response is trailing.”
David Cordani, CEO of health insurer Cigna Corp., said the company has worked to tighten its defenses against cyber- attacks. Cigna has hired professionals to attempt to hack into its systems to identify vulnerabilities, he said.
“We take the protection of consumer information and consumer data as a No. 1 priority,” Cordani said in an interview on Bloomberg Television. “We have multiple layers of protection.”
Home Depot Inc. in November said it faced at least $34 million in net expenses after hackers stole 56 million payment cards and 53 million e-mail addresses. The company said it had a $100 million insurance policy for cyberbreaches.
Target Corp. said in August that gross expenses from a December 2013 data breach were $248 million, cushioned by $90 million of insurance.
The cost to deal with Anthem’s breach is “going to be an enormous sum,” said Katherine Keefe, head of Beazley Plc’s breach response service. “Those dollars add up across 80 million people.”
Anthem fell less than 1 percent to $137 at 2:10 p.m. in New York. The shares are up 60 percent over the past year as the Patient Protection and Affordable Care Act, or Obamacare, leads more people to sign up for health insurance. In January, the company forecast sales this year of at least $78 billion.