Get the latest market trends in your inbox

Stay on top of the latest market trends and economic insights with the Axios Markets newsletter. Sign up for free.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Denver news in your inbox

Catch up on the most important stories affecting your hometown with Axios Denver

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Des Moines news in your inbox

Catch up on the most important stories affecting your hometown with Axios Des Moines

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Minneapolis-St. Paul news in your inbox

Catch up on the most important stories affecting your hometown with Axios Minneapolis-St. Paul

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Tampa-St. Petersburg news in your inbox

Catch up on the most important stories affecting your hometown with Axios Tampa-St. Petersburg

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Darron Cummings / AP

It's been more than two years since health insurer Anthem publicly announced it was the target of a cyberattack. Hackers stole the birthdays, Social Security numbers and other data for nearly 80 million people — the largest health care data breach ever — yet there are still some unanswered questions.

There's no definitive conclusion of who the hackers were, or whether Anthem faces penalties from the federal government. However, some useful information came from a recent investigation from multiple state departments of insurance.

What we know:

  • Anthem executives have not addressed the cyberattack in any earnings calls since it was announced.
  • Officials say there's no evidence that medical or credit card information was stolen.
  • Anthem has spent at least $260.5 million related to the data breach, most of which went toward improving security and providing credit protection to people who were affected. A spokeswoman said Anthem is still taking "steps to help ensure the security of our systems."
  • The two years of free credit monitoring Anthem provided are up. However, this past December, the National Association of Insurance Commissioners concluded Anthem has to pay more than $15 million for a credit freeze to the roughly 12 million affected Anthem members who were 18 years old or younger at the time of the breach.

What we don't know:

  • Anthem has not disclosed the value of its cyber insurance policy, which defrays some of the costs.
  • The hackers were most likely working on behalf of a foreign government. Many security experts believe it was China, but that has not been proven yet. The FBI would not comment on the pending investigation.
  • It's unclear if Anthem will face a federal penalty. It's by far the largest health care data breach, and the Department of Health and Human Services has imposed fines in the past. The HHS Office for Civil Rights said it "cannot comment on open or potential investigations." Adam Greene, a former HHS official, said it usually takes three to four years before a settlement is reached, and "it's certainly not a given" that HHS will pursue a fine if it believes Anthem had safeguards in place.
  • We don't know for sure that Anthem was fully protected from this type of attack, and a separate federal agency that had a contract with Anthem previously said the insurer did not have controls in place "to prevent rogue devices...from connecting to its networks."
  • Class-action lawsuits are still pending, and fact-finding discovery ended in December. Anthem could escape big damages if people can't show concrete harm.

Go deeper

The social media addiction bubble

Illustration: Annelise Capossela/Axios

Right now, everyone from Senate leaders to the makers of Netflix's popular "Social Dilemma" is promoting the idea that Facebook is addictive.

Yes, but: Human beings have raised fears about the addictive nature of every new media technology since the 18th century brought us the novel, yet the species has always seemed to recover its balance once the initial infatuation wears off.

Young people's next big COVID test

Illustration: Eniola Odetunde/Axios

Young, healthy people will be at the back of the line for coronavirus vaccines, and they'll have to maintain their sense of urgency as they wait their turn — otherwise, vaccinations won't be as effective in bringing the pandemic to a close.

The big picture: "It’s great young people are anticipating the vaccine," said Jewel Mullen, associate dean for health equity at the University of Texas. But the prospect of that enthusiasm waning is "a cause for concern," she said.

7 hours ago - World

New Zealand authorities charge 13 parties over deadly volcano eruption

Prime Minister Jacinda Ardern at New Zealand's parliament in Wellington. Photo: Mark Tantrum Photography via Getty Images

New Zealand authorities laid safety violation charges Monday against 10 organizations and three individuals over the fatal Whakaari/White Island volcanic disaster last December, per a statement from the agency WorksSafe.

Details: WorksSafe declined to name those charged as they may seek name suppression in court. But Prime Minister Jacinda Ardern said government agencies GNS Science, which monitors volcanic activity, and the National Emergency Management Agency were among those charged over the "horrific tragedy" that killed 22 people.