INDIANAPOLIS — Health care offers attractive growth opportunities for cyber criminals looking to steal personal information, the hacking of a database maintained by the second-largest US health insurer illustrates.
The latest breach, reported late Wednesday by the health insurer Anthem Inc., follows a year in which more than 10 million people were affected by health care data breaches — including hacking and accidents that exposed personal information, like losing a laptop — according to a government database. The numbers, compiled by the Department of Health and Human Services, show that last year was the worst for health care hacking since 2011, when more than 11 million people were affected.
The rise may be linked to businesses clamping down after massive breaches at Target and Home Depot. That has made it more difficult, in some cases, for cyber thieves, so they’ve turned to health care systems.
Experts say health care companies can offer many entry points for crooks. And once criminals get personal information, they can use it for more extensive and lucrative schemes.
‘‘If someone steals your credit card and home address, they might be able to buy something, but you can usually get that locked down quickly,’’ said Tony Anscombe, a security expert at AVG Technologies. ‘‘With medical records and a Social Security number, it’s not so simple.’’
Anthem said hackers broke into a database with information on 80 million people. The Blue Cross Blue Shield insurer said hackers got names, birth dates, e-mail addresses, employment details, Social Security numbers, incomes, and street addresses. The insurer, which covers 37 million people, said credit card data wasn’t compromised, and it has yet to find evidence that medical information was targeted. Anthem doesn’t know how many people were affected, but said it was probably ‘‘tens of millions.’’
Massachusetts Attorney General Maura Healey said she has begun an investigation of the Anthem breach.