Anthem said that hackers stole the identities of customers across all of its business units.
It has about 37 million customers in the USA and has reported the attack to the Federal Bureau of Investigations (FBI).
It has said it has now closed the hole but that’s somewhat equivalent to closing the gate once the horse has bolted.
The hackers do not appear to have had access to Anthem customers’ credit card records.
It has set up a website to try to explain what happened, with its CEO and president claiming his company had state of the art information security systems.
He said that despite that, his company “was the target of a very sophisticated external cyber attack. These attackers gained unauthorised access to Anthem’s IT systems”.
Anthem has hired a company called Mandiant to assess its IT systems.
Sheffield said: “Anthem will individually notify current and former members whose information has been accessed. We will provide credit monitoring and identity protection services free of charge.”