As you may have heard by now, Anthem Blue Cross was recently the victim of a cyber-attack in which personal information from their current and former members was obtained. Anthem is currently working to identify the members who are impacted and is expected to mail letters to you within two weeks.
Anthem has provided the following statement regarding the attack. If additional information is received from Anthem, it will be posted here.
“It is very unfortunate that we have recently discovered that Anthem, Inc. was the target of a very sophisticated cyber-attack. In this attack, personal information from our current and former members, including Anthem associates, was obtained – such as names, birthdays, social security numbers, street addresses and email addresses. No credit card information was compromised, nor is there evidence at this time that medical information, such as claims, test results, or diagnostic codes, were targeted or obtained.
As soon as we learned about the attack, Anthem immediately made every effort to close the security vulnerability, contacted the FBI and began fully cooperating with their investigation. We know that this is a very urgent and important incident and we are taking all measures to secure our members private information.
Anthem will individually notify current and former members whose information has been accessed. We will provide credit monitoring and identity protection services free of charge so that those who have been affected can have peace of mind. We have created a dedicated website (www.AnthemFacts.com ) where members can access information such as frequently asked questions and answers. We have also established a dedicated toll-free number that both current and former members can call if they have questions related to this incident. That number is: 1-877-263-7995. As we learn more, we will continually update this website and share that information with you
We thank you for your continued support. Certainly if you have any questions, please contact us.”
Anthem also provided answers to some important questions you may have:
Was my information accessed?
Anthem is currently conducting an extensive IT forensic investigation to determine what members are impacted. The Anthem teams are working around the clock to determine how many people have been impacted and will notify all Anthem members who are impacted through a written communication.
What information was compromised?
Anthem’s Initial investigation indicates that the member data accessed included names, dates of birth, member health ID numbers/social security numbers, addresses, telephone numbers, email addresses and employment information including income data.
Was there any diagnosis or treatment data exposed?
Anthem’s investigation to date indicates there is no evidence that medical information, such as claims, test results, or diagnostic codes were targeted or compromised.
Was my credit card information accessed?
Anthem’s investigation to date indicates there is no evidence that credit card information was compromised.
Do the people who accessed my information have my social security number?
Anthem’s investigation to date indicates that the information accessed included names, dates of birth, member health ID numbers/social security numbers, street addresses, email addresses and employment information. Anthem is working to determine whose social security numbers were accessed.
How can I sign up for credit monitoring services?
All impacted members will receive notice via mail which will advise them of the protections being offered to them as well as any next steps.
When will I receive my letter in the mail?
We continue working to identify the members who are impacted. We expect the mailing of letters to begin in the next two weeks.
My children are on my insurance plan, was their information also accessed?
Anthem is currently conducting an extensive IT forensic investigation to determine which members are impacted; however, adults and children were impacted.
Do the people who accessed my information know about my medical history?
Our investigation to date indicates there was no diagnosis or treatment data exposed.
Do the people who accessed my information have my credit card numbers and banking information?
No, the investigation to date indicates that information accessed did not include credit card numbers, banking or other financial information.
Has anyone used my information yet?
We are not aware of any fraud that has occurred as a result of this incident against our members.
Am I at risk for identity theft?
Anthem is currently conducting an extensive IT forensic investigation to determine which members are impacted. We are not aware of any fraud that has occurred as a result of this incident against our members, but all impacted members will be enrolled in identity repair services. In addition, impacted members will be provided information on how to enroll in free credit monitoring.
Do I need a new member ID card and number?
Anthem is working around the clock to determine how many people have been impacted and will notify all who are impacted. Anthem will provide further guidance on next steps.
How can I be sure my personal and health information is safe with Anthem, Inc.?
Safeguarding its members’ personal, financial and medical information is a top priority for Anthem, and because of that, they have a state-of-the-art information security system to protect the data.
Anthem has contracted with Mandiant – a global company specializing in the investigation and resolution of cyber attacks. Anthem will work with Mandiant to ensure there are no further vulnerabilities and work to strengthen security.
What is Anthem doing to help members potentially affected by this incident?
All impacted members will be enrolled in identity repair services. In addition, impacted members will be provided information on how to enroll in free credit monitoring.
Where is the data now? And who can access my information?
Evidence indicates that the data was uploaded to an external file sharing service. This file sharing service, at Anthem’s request, has locked down the account and data so that it cannot be copied, accessed or removed. Anthem and the FBI are working with the file sharing service to access the data and further secure it.