Data leak
Anthem Health Insurance Nation-State Breach (78.8M Records)
Primary Source
Incident Details
Anthem (now Elevance Health), the second-largest US health insurer, disclosed in February 2015 that attackers had gained access to its enterprise data warehouse and exfiltrated approximately 78.8 million current and former members’ records, the largest healthcare data breach in history at the time. The breach originated from a spear-phishing email that compromised an Anthem subsidiary employee’s credentials. Attackers used legitimate Anthem sysadmin tools (including a custom query tool) to extract data from the data warehouse over several weeks before detection. Data stored in plaintext included names, Social Security numbers, dates of birth, home addresses, email addresses, employment information, and income data. Notably, clinical/claims data was not exfiltrated. The breach was attributed to a China-linked threat actor and was believed to be an intelligence-gathering operation targeting data on US government employees and contractors who had Anthem coverage. Anthem settled a class action for $115 million and paid an $8.7 million state regulatory settlement. The breach sparked major debate about whether HIPAA should require encryption of health data at rest (it doesn’t).
Technical Details
- Initial Attack Vector
  - China-linked threat actor (Indrik Spider / Deep Panda) used a spear-phishing email targeting an Anthem subsidiary to establish initial access, then moved laterally to Anthem's enterprise data warehouse containing unencrypted member records
Timeline
- 2014-12-10: Breach occurred
- 2015-02-04: Publicly disclosed
- 2015-02-18: Customers notified