Associated Agencies Employer Benefits Associated Agencies Individual Benefits  Associated Agencies Business Insurance

Important Information Regarding Anthem Cyber-Attack Breach

Capture

ANTHEM CYBER-ATTACK BREACH

As you may have recently learned through the news, there was a cyber-attack that occurred with Anthem, the health insurance carrier. This may have affected employees covered by Anthem but also those insured by other Blue Cross plans  — if claims are incurred by members in other states where Anthem is the Blue Cross Blue Shield carrier, the breach in the event may affect them.  The information we are providing with this letter is directly from Anthem and their updates.  We have also included some additional Q&A questions from BCBS of IL.  We will regularly notify you if we learn additional information that is pertinent. If you are affected by the breach directly, you will receive written communication directly from Anthem.  Given the nature of the breach and health insurance claims, the carrier must contact you directly, we have no access to your claims, nor the breached information therefore can’t we directly identify members that may have been affected.

If you have additional questions, please contact Human Resources

*************************************************************************************

From the Desk of Joseph R. Swedish

President and CEO Anthem, Inc.

To Our Members,

Safeguarding your personal, financial and medical information is one of our top priorities, and because of that, we have state-of-the-art information security systems to protect your data. However, despite our efforts, Anthem was the target of a very sophisticated external cyber attack. These attackers gained unauthorized access to Anthem’s IT system and have obtained personal information from our current and former members such as their names, birthdays, medical IDs/social security numbers, street addresses, email addresses and employment information, including income data. Based on what we know now, there is no evidence that credit card or medical information, such as claims, test results or diagnostic codes were targeted or compromised.

Once the attack was discovered, Anthem immediately made every effort to close the security vulnerability, contacted the FBI and began fully cooperating with their investigation. Anthem has also retained Mandiant, one of the world’s leading cybersecurity firms, to evaluate our systems and identify solutions based on the evolving landscape.

Anthem’s own associates’ personal information – including my own – was accessed during this security breach. We join you in your concern and frustration, and I assure you that we are working around the clock to do everything we can to further secure your data.

Anthem will individually notify current and former members whose information has been accessed. We will provide credit monitoring and identity protection services free of charge so that those who have been affected can have peace of mind. We have created a dedicated website – www.AnthemFacts.com – where members can access information such as frequent questions and answers. We have also established a dedicated toll-free number that both current and former members can call if they have questions related to this incident. That number is: 1-877-263-7995. As we learn more, we will continually update this website and share that information with you.

I want to personally apologize to each of you for what has happened, as I know you expect us to protect your information. We will continue to do everything in our power to make our systems and security processes better and more secure, and hope that we can earn back your trust and confidence in Anthem.

Sincerely,

Joseph R. Swedish
President and CEO
Anthem, Inc.

********************************************************************************************************

Frequently Asked Questions

Learn more about the cyber attack against Anthem

 

Was my information accessed?

Anthem is currently conducting an extensive IT Forensic Investigation to determine what members are impacted. We are working around the clock to determine how many people have been impacted and will notify all Anthem members who are impacted through a written communication.

What information has been compromised?

Initial investigation indicates that the member data accessed included names, dates of birth, member ID/ social security numbers, addresses, phone numbers, email addresses and employment information.

Who is responsible for this cyber attack or breach?

Anthem is working closely with federal law enforcement investigators. At this time, no one person or entity has been identified as the attacker.

When will I receive my letter in the mail?

We continue working to identify the members who are impacted. We will begin to mail letters to impacted members in the coming weeks.

How can I sign up for credit monitoring/identity protection services?

All impacted members will receive notice via mail which will advise them of the protections being offered to them as well as any next steps.

Do the people who accessed my information know about my medical history?

No – our investigation to date indicates there was no diagnosis or treatment data exposed.

Do the people who accessed my information have my credit card numbers?

No, our current investigation shows the information accessed did not include credit card numbers.

Did this impact all lines of Anthem Business?

Yes, all product lines are impacted.

Is my (plan/brand) impacted?

The impacted (plan/brand) include Anthem Blue Cross, Anthem Blue Cross and Blue Shield, Blue Cross and Blue Shield of Georgia, Empire Blue Cross and Blue Shield, Amerigroup, Caremore, Unicare.

How can I be sure my personal and health information is safe with Anthem, Inc.?

Anthem is doing everything it can to ensure there is no further vulnerability to its database warehouses. Anthem has contracted with a global company specializing in the investigation and resolution of cyber attacks. We will work with this company to reduce the risk of any further vulnerabilities and work to strengthen security.

Does this impact Blue Cross and Blue Shield plans not owned by Anthem?

Yes, BlueCard members are impacted. The Blue Cross and Blue Shield Association’s BlueCard is a national program that enables members of one Blue Cross and Blue Shield Plan to obtain healthcare services while traveling or living in another Blue Cross and Blue Shield Plan’s service area. The program links participating healthcare providers with the independent Blue Cross and Blue Shield Plans across the country and in more than 200 countries and territories worldwide through a single electronic network for claims processing and reimbursement.

I think I received a scam email related to Anthem’s cyber attack?

Members who may have been impacted by the cyber attack against Anthem, should be aware of scam email campaigns targeting current and former Anthem members. These scams, designed to capture personal information (known as “phishing”) are designed to appear as if they are from Anthem and the emails include a “click here” link for credit monitoring. These emails are NOT from Anthem.

  • DO NOT click on any links in email.
  • DO NOT reply to the email or reach out to the senders in any way.
  • DO NOT supply any information on the website that may open, If you have clicked on a link in email.
  • DO NOT open any attachments that arrive with email.

 

*************************************************************************************

Important update regarding the cyber attack

February 6, 2015

Members who may have been impacted by the cyber attack against us should be aware of scam email campaigns targeting current and former members.  These scams, designed to capture personal information (known as “phishing”) are designed to appear as if they are from a health plan and the emails include a “click here” link for credit monitoring. These emails are NOT from us.

  • DO NOT click on any links in email.
  • DO NOT reply to the email or reach out to the senders in any way.
  • DO NOT supply any information on the website that may open, if you clicked on a link in email.
  • DO NOT open any attachments that arrive with email.

We are not calling members regarding the cyber attack and are not asking for credit card information or social security numbers over the phone.

This outreach is from scam artists who are trying to trick consumers into sharing personal data. There is no indication that the scam email campaigns are being conducted by those that committed the cyber attack, or that the information accessed in the attack is being used by the scammers.

We will contact current and former members via mail delivered by the U.S. Postal Service about the cyber attack with specific information on how to enroll in credit monitoring. Affected members will receive free credit monitoring and ID protection services. 

For more guidance on recognizing scam email, please visit the FTC Website: http://www.consumer.ftc.gov/articles/0003-phishing.

We have created a dedicated website (www.AnthemFacts.com) where everyone can access information such as frequently asked questions and answers.

**********************************************************************************

From Blue Cross Blue Shield of Illinois

What information has been compromised?
Initial investigation indicates that the member data accessed included names, dates of birth, member ID/
Social Security Numbers, addresses, phone numbers, email addresses and employment information.

How long will it take to identify the people who were affected?
Anthem has said the process of identifying impacted members will take two weeks.

Does this impact Blue Cross and Blue Shield of IL?
The security of our members’ and employees’ personal and health information is a top priority for Blue
Cross and Blue Shield of IL. We are working hard with Anthem to determine whether any of our
customers or employees were affected by this event. Should we discover that any of our members were
impacted, you will be notified by BCBSIL. We will provide additional information as it is available.

Is BCBSIL related to Anthem?
No. Anthem is a separate company that operates in other states.

Why would my data be involved? I don’t use Anthem, I use BCBSIL.
Anthem’s investigation is still ongoing, so we don’t know at this time whether any of our members’
information may have been involved as a result of being part of claims processing activity that occurs in
certain situations among Blues plans. We are working hard with Anthem to determine whether any of our
customers or employees were affected by this event. Should we discover that any of our members were
impacted, you will be notified by BCBSIL. We will provide additional information as it is available.