Anthem Blue Cross of California gets hit with a cyber attack.
Updates and announcements regarding the Anthem Blue Cross cyber attack data breach.
Anthem Blue Cross, February 17th
Members to get an email from us about the cyber attack
To our valued business partner:
We want to keep you informed about our actions in response to the cyber attack. We will begin sending emails to members tomorrow morning, February 18, with information about identity protection and credit monitoring services. We are required to send this email, due to state laws around breach notifications. The email will direct members to visit AnthemFacts.com to sign up for credit protection services. It will contain the exact information as the letters they will receive via the U.S. Postal Service in the coming weeks. All members who have provided an email address to us will receive the notification. Here is an advance copy of the email our members will receive.
You may opt to send the message below to your clients:
Dear Clients:
Anthem wants to keep you informed about its actions in response to the cyber attack. If members have given Anthem their email address, they will get an email about identity protection and credit monitoring services. Anthem is required to send this email, due to state laws around breach notifications. The subject line of the email will be “Important Message From Anthem, Inc.” and it will direct members to visit AnthemFacts.com to sign up for credit protection services. The email will not ask for personal information. Anthem encourages all members to read the email and visit AnthemFacts.com to sign up for the services provided by Anthem.
###
Anthem Blue Cross, February 11th
Cyber Attack Communications Update
Last week, we made you aware that Anthem was the target of a very sophisticated external, cyber attack. Since that time, we have been working around the clock continuing our assistance in the FBI investigation; analyzing the data to understand the impact to our members; responding to questions from our clients, members and partners; and securing a best-in-class vendor to provide identity protection services to our members as quickly as possible.
To that end, we understand that you and your clients are eager to receive more information about how to enroll in the credit protections we are providing. Starting this Friday, Feb. 13, current and former Anthem members whose information was included in the database that was compromised, can visit AnthemFacts.com to learn how to enroll in two years of free credit monitoring and identity theft repair services provided by our vendor – a leading and trusted identity protection provider. Members can access these services starting Friday, Feb. 13, prior to receiving a mailed notification from Anthem, which will be sent in the coming weeks.
The free identity protection services provided by Anthem include two years of:
- Identity Repair Assistance: Should a member experience fraud, an investigator will do the work to recover financial losses, restore the member’s credit, and ensure the member’s identity is returned to its proper condition. This assistance will cover any fraud that has occurred since the incident first began.
- Credit Monitoring: At no cost, members may also enroll in additional protections, including credit monitoring. Credit monitoring alerts consumers when banks and creditors use their identity to open new credit accounts.
- Child Identity Protection: Child-specific identity protection services will also be offered to any members with children insured through their Anthem plan.
- Identity theft insurance: For individuals who enroll, the company has arranged for $1,000,000 in identity theft insurance, where allowed by law.
- Identity theft monitoring/fraud detection: For members who enroll, data such as credit card numbers, social security numbers and emails will be scanned against aggregated data sources maintained by top security researchers that contain stolen and compromised individual data, in order to look for any indication that the members’ data has been compromised.
- Phone Alerts: Individuals who register for this service and provide their contact information will receive an alert when there is a notification from a credit bureau, or when it appears from identity theft monitoring activities that the individual’s identity may be compromised.
Industry standards under similar circumstances are to provide credit monitoring services for one year; however, we are exceeding these standards and providing these identity protection and credit monitoring services to all impacted members for two years, in response to your concerns. This has been our priority from day one, to be transparent, protect your data and to give our members peace of mind.
We have been working to arrange for these credit monitoring and identity theft protection services since the attack on our systems was discovered. Doing so has required enormous efforts and commitment of resources to ensure that our vendor can accommodate what we anticipate will be very high demand for these services. It was essential that we work with the vendor to develop the infrastructure to handle a high volume of calls and web traffic, and to train representatives to accurately answer questions from our members. Our goal is to provide peace of mind, while minimizing frustration for our members. We are able to provide these services 11 business days after discovery of the attack.
We will distribute press releases in our markets on Friday announcing the identity protection services are available. We will also send letters in the mail to our members in the coming weeks with information on how to sign up for services. We will share a copy of these communications with you before they are distributed.
We will continue to provide updates as we learn more about the attack, and we are here to answer your questions to the best of our ability.
###
Anthem Blue Cross, February 6th
Important update regarding the cyber attack
Members who may have been impacted by the cyber attack against us should be aware of scam email campaigns targeting current and former members. These scams, designed to capture personal information (known as “phishing”) are designed to appear as if they are from a health plan and the emails include a “click here” link for credit monitoring. These emails are NOT from us.
- DO NOT click on any links in email.
- DO NOT reply to the email or reach out to the senders in any way.
- DO NOT supply any information on the website that may open, if you clicked on a link in email.
- DO NOT open any attachments that arrive with email.
We are not calling members regarding the cyber attack and are not asking for credit card information or social security numbers over the phone.
This outreach is from scam artists who are trying to trick consumers into sharing personal data. There is no indication that the scam email campaigns are being conducted by those that committed the cyber attack, or that the information accessed in the attack is being used by the scammers.
We will contact current and former members via mail delivered by the U.S. Postal Service about the cyber attack with specific information on how to enroll in credit monitoring. Affected members will receive free credit monitoring and ID protection services.
For more guidance on recognizing scam email, please visit the FTC Website: http://www.consumer.ftc.gov/articles/0003-phishing.
We have created a dedicated website (www.AnthemFacts.com) where everyone can access information such as frequently asked questions and answers.
###
California Department of Insurance, February 6th
Insurance Commissioner Jones to conduct financial and market conduct
examination of Anthem data breach
SACRAMENTO, Calif. – Insurance Commissioner Dave Jones today directed the California Department of Insurance to conduct a financial and market conduct examination of Anthem Blue Cross of California and to join other insurance regulators in a multi-state national investigation regarding the Anthem data breach that could impact more than 80 million people. The California Department of Insurance expects to be a lead participating state in the national multi-state examination announced today by the National Association of Insurance Commissioners. The financial and market conduct examinations will investigate all aspects of the data breach. A major component will include analyzing Anthem’s information technology systems to determine what protections were in place and what actions could have been taken to minimize data losses.
“The goal of this national multi-state examination should be to determine what areas of vulnerability exist in Anthem’s data systems, what additional strategies and protections could have been employed to prevent losses and whether the insurer has taken the appropriate steps in response to the breach,” said Commissioner Jones. “The Anthem breach underscores that it is critical that companies continually evaluate and upgrade their protection for consumer data.”
Anthem briefed California Insurance Commissioner Dave Jones along with other state insurance commissioners this morning on the chronology of the breach and the steps Anthem is taking in response to the breach, including outreach to consumers. Anthem announced that they will provide identity theft insurance coverage to cover losses and will provide individual assistance to consumers who suffer identity theft. Current and former Anthem customers can call Anthem at 877-263-7995 to obtain more information.
It is anticipated that all 56 states and territories will participate in the examination. California, as well as other states with significant Anthem business, will take the lead in the investigation.
California Department of Insurance, February 5th
NEWS RELEASE
Insurance commissioner reviewing Anthem’s response to large-scale
cyberattack that may impact 80 million people’s personal information
SACRAMENTO, Calif. – Insurance Commissioner Dave Jones directed the Department of Insurance to review Anthem’s response to a large-scale cybersecurity breach that according to reports may affect as many as 80 million policyholders and employees. Anthem notified Commissioner Jones of the breach last night. To make sure Anthem is complying with all privacy and consumer protection laws, the commissioner directed department staff to coordinate with other California regulatory agencies and with state insurance regulators across the United States that have Anthem insurance companies licensed in their states.
“Health insurers have not only consumers’ financial information but also sensitive medical information. Although early reports from Anthem indicate that medical information was not breached, the information reportedly taken does open the door to identity theft and fraud against tens of millions of consumers. The Anthem breach underscores the need for insurance companies to take every precaution to protect their customers’ information and make their consumers whole when a data breach occurs,” said Commissioner Jones. “We are working with other regulators and conducting a review to confirm that the company takes the appropriate steps to protect and assist consumers and guard against future breaches.”
Anthem has advised the commissioner that they notified the FBI once the breach was discovered, sent notices to Anthem consumers and are responding to the questions from consumers whose personal information was stolen. In addition to working with a cybersecurity firm to evaluate the attack, Anthem is offering credit monitoring and identity protection services to all who were affected. The department is monitoring the situation closely to ensure Anthem complies with state law and identifies how the breach occurred and takes steps to prevent future breaches.
Consumers who believe they may have been impacted by the security breach should call Anthem’s toll-free number at 877-263-7995 or find information to common questions on their website. Californians who were affected or concerned may contact the California Department of Insurance consumer hotline at 800-927-HELP (4357).
Blue Shield of California, February 5th
As you may have heard, Anthem Inc. was recently the target of a cyber-attack. The news broke last night, Wednesday, February 4, 2015. Blue Shield of California is aware of Anthem’s cyber-attack and we are working to gather more information and understand the scope of this issue. In California, Anthem Blue Cross is separate and independent from Blue Shield of California, though some members could be affected due to various collaborative agreements between Blue Plans throughout the country.
Blue Shield of California continually assesses and monitors the security of its IT systems and employs advanced and up-to-date security measures. For additional information and assistance about the Anthem situation, visit www.AnthemFacts.com or call their dedicated toll-free phone line at 1-877-263-7995. Read our FAQ for more information.
###
Anthem Blue Cross of California , February 4th, 2015
Anthem released the following information to insurance regarding the cyber attack on their data on February 4, 2014.
To our valued business partner:
Safeguarding your clients’ personal, financial and medical information is one of our top priorities, and because of that, we have state-of-the-art information security systems to protect your data. However, despite our efforts, Anthem was the target of a very sophisticated external, cyber attack. These attackers gained unauthorized access to Anthem’s information technology (IT) system and have obtained personal information from our current and former members such as their names, birthdays, member ID/Social Security numbers, street addresses, email addresses and employment information, including income data. Based on the information we know now, there is no evidence that banking, credit card, medical information (such as claims, test results, or diagnostic codes) were targeted or compromised.
Once the attack was discovered, Anthem immediately made every effort to close the security vulnerability, contacted the Federal Bureau of Investigation (FBI) and began fully cooperating with their investigation. Anthem has also retained Mandiant, one of the world’s leading cybersecurity firms, to evaluate our systems and identify solutions based on the evolving landscape.
Anthem’s own associates’ personal information – including our own – was accessed during this security breach. We join you in your concern and frustration, and we assure you that we are working around the clock to do everything we can to further secure your clients’ data.
Anthem will individually notify current and former members whose information has been accessed. We will provide credit monitoring and identity protection services free of charge so that those who have been affected can have peace of mind. We have created a dedicated website (www.AnthemFacts.com ) where members can access information such as frequently asked questions and answers. We have also established a dedicated toll-free number that both current and former members can call if they have questions related to this incident. That number is: 1-877-263-7995. As we learn more, we will continually update this website and share that information with you. And, we developed a memo template and FAQ to help you answer questions you may receive from your clients.
We want to personally apologize to you and your clients for what has happened, as we know you expect us to protect your information. We will do everything in our power to make our systems and security processes better and more secure, and hope that we can earn back your trust.
Your local representative is also prepared to discuss this with you.
Sincerely,
Ken Goulet
President, Commercial and Specialty Business
Mark Morgan
California Plan President