Last night, we became aware that Anthem, Inc., the parent company of Anthem Blue Cross, is the victim of a highly-sophisticated cyber attack. Anthem has informed us that its member data was accessed, and information about our clients could be among the data.
We are working closely with Anthem to better understand the impact on its members. Here is what we do know:
- Once Anthem determined it was the victim of a sophisticated cyber attack, it immediately notified federal law enforcement officials and shared the indicators of compromise with the HITRUST C3 (Cyber Threat Intelligence and Incident Coordination Center).
- Anthem’s Information Security has worked to eliminate any further vulnerability and continues to secure all of its data.
- Anthem immediately began a forensic Information Technology (IT) investigation to determine the number of impacted consumers and to identify the type of information accessed. The investigation is still taking place.
- The information accessed includes member names, member health ID numbers/Social Security numbers, dates of birth, addresses, phone numbers, email addresses and employment information, including income data. Social Security numbers were included in only a subset of the universe of consumers that were impacted.
- Anthem is still working to determine which members’ Social Security numbers were accessed.
- Anthem’s investigation to date shows that no credit card or confidential health information was accessed.
- Anthem has advised us there is no indication at this time that any of our clients’ personal information has been misused.
- All impacted Anthem members will be enrolled in identity repair services. In addition, impacted members will be provided information on how to enroll in free credit monitoring.
Anthem has created a website – www.anthemfacts.com, and a hotline, 1-877-263-7995, for its members to call for more information, and has shared these Frequently Asked Questions (FAQs) that further explains the cyber attack.