A massive data breach against Anthem, the second-largest health insurance company in the U.S., was disclosed this week, and investigators think Chinese hackers may be the ones responsible. The breach, which occurred late last month, gave hackers access to the private data of 80 million current and former members, as well as employees, of Anthem. It is one of the largest medical-related cyber-intrusions ever.

According to authorities, the breach did not involve credit card numbers or private health records, but did expose birth dates, Social Security numbers, physical and email addresses and income data. An investigator speaking on conditions of anonymity said that there are signs that other health-care companies may have also been targeted.

Health care has become a popular target for hackers because of the vast amount of financial and medical information these databases contain. Hospitals and health insurers have so far struggled to implement the kinds of defenses used by large retail and financial companies. Adam Meyers, vice president of Crowdstrike, a cybersecurity firm based in Irvine, Calif., says that over the past year Chinese hackers have taken health records and other information that could possibly be used to create profiles of spy targets.

Medical records, treatment details and test results were not compromised in the Anthem attack, however, experts say the breach points out the potential worry that hackers will steal private health data that has value on the black market as a tool that can be used for identity theft, fraud or extortion. Medical information can be used to file false insurance claims or buy prescription drugs. Attackers could potentially blackmail policyholders who are desperate to maintain their privacy.

Ben Johnson, who is the chief security strategist at cybersecurity firm Bit9 + Carbon Black, says “health-care records are the new credit cards.” He says that when a credit card is compromised the user cancels it, but if a patient has HIV and that gets out there is no way to get the information back. Katherine Keefe, of London-based insurer Beazley, calls healthcare a “big, leaky boat.”

One in nine Americans are covered by Anthem through its affiliate health plans, including Blue Cross Blue Shield brands. The hack could also affect managed care plans that patients enroll in through Medicaid. Anthem is notifying members whose information was involved in the breach, and is also providing free identity-protection and credit-monitoring services. Joseph R. Swedish, Anthem’s chief executive, was among those who had personal data exposed.

The potential link to Chinese hackers could indicate that the breach is part of a larger campaign, according to experts. Dmitri Alperovitch, co-founder of CrowdStrike, a cybersecurity firm, said that in the past six months he has seen hackers from the Chinese government target insurance companies and health care providers to obtain medical information and personal identifying information such as Social Security numbers.

Alperovitch says that China “sucks up” as much of a variety of information as they can that “could come in handy later.” His firm has no information on the Anthem hack. Involvement in hacks on ISIS has also been connected with China. They have also targeted other agencies who have large databases, such as state motor vehicle departments.

Tom DeSot, cyberseurity firm Digital Defense executive, says that the employee data that was stolen in the Anthem breach could be an indication that the hackers are preparing another attack that might reach internal systems that they had previously been unable to access.

This is not the first time that Anthem has been under scrutiny for its security. In 2013 the insurer agreed to pay $1.7 million for federal claims that their poor safeguards had left personal information vulnerable, including health data and Social Security numbers, on more than 600,000 people.