Anthem, the nation’s second-largest health insurer, is the latest victim of a cyber attack in which hackers stole personal information, including the names, Social Security numbers, birthdays, medical IDs, addresses, employment information and income data, of more than 80 million Americans.
“Anthem was the target of a very sophisticated external cyber attack,” Anthem president and CEO Joseph Swedish said in a statement posted on this site, created specifically to address the attack.
It appears to be the largest health care data breach ever, USA Today said.
If you’re an Anthem customer, here’s what you need to know:
- Which plans are impacted? Anthem Blue Cross, Anthem Blue Cross and Blue Shield, Blue Cross and Blue Shield of Georgia, Empire Blue Cross and Blue Shield, Amerigroup, Caremore, Unicare, Healthlink and DeCare were impacted in the data breach.
- How will I know if my personal information is vulnerable? “We are working around the clock to determine how many people have been impacted and will notify all Anthem members who are impacted through a written communication,” Anthem said. The health care company went on to say that letters would be sent out to those members in the coming weeks.
- Was my medical history or credit card information stolen? Anthem said it didn’t appear that the cyber thieves accessed credit card or medical information.
- How is this different from other cyber attacks (for example: Target or Home Depot)? Because this data breach includes Social Security numbers, it’s more serious than the breaches at Target and Home Depot, which only involved credit/debit card numbers. With your Social Security number in hand, fraudsters can steal your identity, apply for a job, or get a credit card and rack up debt, all in your name.
- Can I talk to someone about my concerns? If you have questions about the data breach, Anthem recommends calling this number: 1-877-263-7995.
- What can I do now? Money suggests monitoring your credit report, or even putting a fraud alert on it. “A fraud alert tells creditors to double-check whenever someone applies for credit in your name,” Money said.
Anthem said it will provide free credit monitoring and identify protection services to all those affected by the data breach. Click here to access Anthem’s website about the cyberattack.
According to The Wall Street Journal, the information stolen by the cyber thieves wasn’t encrypted, making it easy to read. However, companies are not required by law to encrypt their members’ data, and many don’t.
“Under HIPAA, doctors, hospitals, health plans and others must ‘address’ encryption in their operations, but don’t have to scramble data if they determine doing so would impose an unreasonable burden, the likelihood of disclosure is low and they have implemented alternative security measures,” the Journal explained.
Anthem spokeswoman Kristin Binns told the Journal that Anthem only encrypts personal data when it is moved from the database, not when it’s stored.
“We use other measures, including elevated user credentials, to limit access to the data when it is residing in a database,” she said.
Are you an Anthem customer? Has your personal information been stolen as a part of this (or any other) cyberattack? Share your comments below or on our Facebook page.
In the grand scheme of things, there are some rules you can follow to help protect yourself from identity theft. Watch the video below for some tips:
Disclosure: The information you read here is always objective. However, we sometimes receive compensation when you click links within our stories.