In the latest in a string of high profile data breaches, on February 4, 2015, Anthem BlueCross/BlueShield, the second largest health insurer in the United States, announced that it had fallen victim to a “very sophisticated cyberattack” that exposed the personal information on 80 million current and former customers and employees. The information included names, birthdays, Social Security numbers, street addresses, email addresses and other employment details, including income data. There is no indication at present that customer credit or medical information was compromised by the attack. The theft, which was first detected on January 29, 2015 by Anthem, is one of the largest reported data breaches involving customer information to date.
According to Anthem, the breach directly affected customers of Anthem Blue Cross, Anthem Blue Cross and Blue Shield, Blue Cross and Blue Shield of Georgia, Empire Blue Cross and Blue Shield, Amerigroup, Caremore, Unicare, HealthKeepers and Golden West. In addition, customers of the following companies participating in the BlueCard program of the Blue Cross and Blue Shield Association may also be affected:
The independent Blue Cross and Blue Shield plans affected include some members of Arkansas BCBS, BCBS of Alabama, BCBS of Arizona, BCBS of Hawaii, BCBS of Kansas, BCBS of Kansas City, BCBS of Louisiana, BCBS of Massachusetts, BCBS of Michigan, BCBS of Minnesota, BCBS of Mississippi, BCBS of Nebraska, BCBS of North Carolina, BCBS of North Dakota, BCBS of Rhode Island, BCBS of South Carolina, BCBS of Tennessee, BCBS of Vermont, BCBS of Wyoming, Blue Cross of Idaho, Blue Shield of California, Capital Blue Cross, CareFirst BCBS, BCBS of Florida, GeoBlue, HealthNow New York, Highmark BCBS, Horizon BCBS, Hospital Service Association of Northeastern PA, Independence Blue Cross, La Cruz Azul, Lifetime Healthcare, Inc., Premera BCBS, Wellmark BCBS, BlueCross BlueShield of Illinois, BlueCross BlueShield of Texas, BlueCross BlueShield of Oklahoma, BlueCross BlueShield of New Mexico, BlueCross BlueShield of Montana, Regence BlueCross BlueShield (in Oregon & Utah) and Regence BlueShield (in Idaho and portions of Washington state).
To compound matters, within days of the attack scammers capitalized on the Anthem calamity by mass emailing a bogus offer for free credit monitoring, which appeared to have been sent by Anthem officials in response to the breach, and also by cold-calling current and former Anthem customers pretending to be company representatives.
Anthem has established a Website, www.AnthemFacts.com, and toll free number,1-877-263-7995, to handle customer inquiries concerning the theft. Anthem is also providing free identity repair services and credit monitoring for those affected.
In addition to utilizing credit monitoring services, anyone who suspects that their date of birth, Social Security Number or other personal identifying information has been stolen, should place a fraud alert on their credit accounts with the three major credit reporting companies and request a free credit report (Equifax - 1-800-525-6285, Experian - 1-888-397-3742, TransUnion - 1-800-680-7289). In addition, it’s a good idea to closely monitor your bank/credit card/medical bills for unusual activity and be on the lookout for unusual mail, e.g., mail confirming meetings that you did not attend, accounts you did not create, etc. Anyone who believes that their personal information was used to commit fraud, should create an identity theft affidavit with the FTC (www.ftc.gov/complaint) and report the matter to their local law enforcement agency as soon as possible following the discovery.
Security problems like the Anthem data breach and recent Superfish spyware infection will continue to plague businesses large and small in our digital future. If you are concerned about your business’ security exposure, have suffered a data breach or are a victim of identity theft, contact the technology law attorneys at Helmer, Conley & Kasselman, P.A. for immediate assistance. We can help you understand electronic security and take the appropriate steps to protect your data and prevent and respond to attacks and identity theft and fraud.
Helmer, Conley & Kasselman, P.A.: Call Us – Problem Solved.