PITTSBURGH (KDKA/AP) -- By all accounts, the breach of Anthem, an Indianapolis-based Blue Cross Blue Shield insurance company, was stunning.
"It is not only breath-taking but mind-bending in its potential impact and scale, potentially heartbreaking for consumers who may be affected," noted U.S. Sen. Richard Blumenthal, a Connecticut Democrat.
Cyber security adviser Stu Sjouwerman of KnowBe4, a Florida security consulting firm, says health records at medical institutions and insurers are very vulnerable.
"Foreign hackers are able to get into records like this relatively easily so there is a large amount of risk related to health records," Sjouwerman told KDKA money editor Jon Delano.
That's because health records are more attractive than credit cards to a cyber-criminal, says Robert Morris University cyber security Professor Karen Paullet.
"You have date of births, you have mother's maiden names, think about the things that I'm saying. You have emergency contact information -- who would you call. You have all the pieces of information besides the personal information that can get you bank accounts, credit cards information, etc.," noted Paullet.
No surprise, says Sjouwerman: this stolen info is more valuable to cyber crooks.
"Health records go sometimes for $50 per record, and credit card records are varying in value between $1.50 to $10," he added.
Experts say health and medical institutions need to do more to protect patients.
"They need security specialists, they need analysts, they need 24/7 surveillance, both offense and defense," says Paullet.
And security awareness training is needed for all employees, including physicians.
"All these hacks started with a phishing email that was sent by the bad guys and an employee clicked on it," said Sjouwerman, "and the next thing you know the bad guys are able to tunnel into the network."
Both Highmark and UPMC insist their systems are as secure as possible and a top priority.
Experts are not so sure.
"Just because we're not hearing about it in the news does not mean that it's not happening, that's for sure," adds Paullet.
Anthem created a website, www.anthemfacts.com, where you can get information about the data breach. There is also a toll-free number with information, 877-263-7995.
(© Copyright 2015 The Associated Press. All Rights Reserved. This material may not be published, broadcast, rewritten or redistributed.)