Anthem Security Breach

February 18, 2015 - Anthem Blue Cross Update

Anthem will begin an email launch to members today regarding the cyber- attack/breach.  Anthem is required to provide email notifications to members due to state breach notification requirements. Only current and former Anthem members who have consented to receive information by email will receive this announcement directing them to visit www.AnthemFacts.com to sign up for credit protection services. The email will not ask for personal information and will not link to any websites other than www.AnthemFacts.com.  A member may not get the email if their email address hasn’t been updated, if they have unsubscribed from Anthem communications, or if they’re a member of the national registry do not contact list. And, in some case, the email may get caught by a spam filter.

Emails are planned to begin deploying to over 8 million current and former Anthem members this morning, Wednesday, February 18th.  We will send up to 1 million emails per day until complete.  The email will be sent from Anthem, Inc.  The subject line will be “Important Message From Anthem, Inc.”.  A copy of the email will be posted on www.AnthemFacts.com, and is the exact information in the letters members will receive via US Postal Service.

No links will be coded into the email but there is the possibility that some phones and web platforms will automatically convert the copy into links. We included a sentence to remind members they can key in the web addresses versus clicking directly in the email if they are concerned.

I wanted to give you a heads up on the emails should you receive any questions from employees/retirees regarding the authenticity of the emails.  The mailing lists are random, meaning that all members who end up receiving an email will not necessarily receive them on the same day, and may be several days apart.

February 11, 2015 - Anthem Blue Cross Update

Last week, we made you aware that Anthem was the target of a very sophisticated external, cyber attack. Since that time, we have been working around the clock continuing our assistance in the FBI investigation; analyzing the data to understand the impact to our members; responding to questions from our clients, members and partners; and securing a best-in-class vendor to provide identity protection services to our members as quickly as possible.

To that end, we understand that you and your clients/employees – our members - are eager to receive more information about how to enroll in the credit protections we are providing. Starting this Friday, Feb. 13, current and former Anthem members whose information was included in the database that was compromised, can visit www.AnthemFacts.com to learn how to enroll in two years of free credit monitoring and identity theft repair services provided by our vendor - a leading and trusted identity protection provider. Members can access these services starting Friday, Feb. 13, prior to receiving a mailed notification from Anthem, which will be sent in the coming weeks.

The free identity protection services provided by Anthem include two years of:

  • Identity Repair Assistance: Should a member experience fraud, an investigator will do the work to recover financial losses, restore the member’s credit, and ensure the member’s identity is returned to its proper condition. This assistance will cover any fraud that has occurred since the incident first began.

  • Credit Monitoring: At no cost, members may also enroll in additional protections, including credit monitoring. Credit monitoring alerts consumers when banks and creditors use their identity to open new credit accounts.

  • Child Identity Protection: Child-specific identity protection services will also be offered to any members with children insured through their Anthem plan.

  • Identity theft insurance: For individuals who enroll, the company has arranged for $1,000,000 in identity theft insurance, where allowed by law.

  • Identity theft monitoring/fraud detection: For members who enroll, data such as credit card numbers, social security numbers and emails will be scanned against aggregated data sources maintained by top security researchers that contain stolen and compromised individual data, in order to look for any indication that the members’ data has been compromised.

  • Phone Alerts: Individuals who register for this service and provide their contact information will receive an alert when there is a notification from a credit bureau, or when it appears from identity theft monitoring activities that the individual’s identity may be compromised.

    Industry standards under similar circumstances are to provide credit monitoring services for one year; however, we are exceeding these standards and providing these identity protection and credit monitoring services to all impacted members for two years, in response to your concerns. This has been our priority from day one, to be transparent, protect your data and to give our members peace of mind.

    We have been working to arrange for these credit monitoring and identity theft protection services since the attack on our systems was discovered. Doing so has required enormous efforts and commitment of resources to ensure that our vendor can accommodate what we anticipate will be very high demand for these services. It was essential that we work with the vendor to develop the infrastructure to handle a high volume of calls and web traffic, and to train representatives to accurately answer questions from our members. Our goal is to provide peace of mind, while minimizing frustration for our members. We are able to provide these services 11 business days after discovery of the attack.

We will continue to provide updates as we learn more about the attack, and we are here to answer your questions to the best of our ability.

Anthem Blue Cross Security Breach

On Wednesday, February 5, 2015, we were made aware that Anthem, Inc., the parent company of our health insurance provider, is the victim of a highly-sophisticated cyber-attack. Anthem has informed us that its member data was accessed, and could include that of our employees.

We are working closely with Anthem to better understand the impact on its members. Here is what we do know:

  • Once Anthem determined it was the victim of a sophisticated cyber-attack, it immediately notified federal law enforcement officials and shared the indicators of compromise with the HITRUST C3 (Cyber Threat Intelligence and Incident Coordination Center).

  • Anthem’s Information Security has worked to eliminate any further vulnerability and continues to secure all of its data.

  • Anthem immediately began a forensic IT investigation to determine the number of impacted consumers and to identify the type of information accessed. The investigation is still taking place.

  • The information accessed includes member names, member health ID numbers/Social Security numbers, dates of birth, addresses, telephone numbers, email addresses and employment information, including income data. Social Security numbers were included in only a subset of the universe of consumers that were impacted.

  • Anthem is still working to determine which members’ Social Security numbers were accessed.

  • Anthem’s investigation to date shows that no credit card or confidential health information was accessed.

  • Anthem has advised us there is no indication at this time that any of our clients’ personal information has been misused.

  • All impacted Anthem members will be enrolled in identity repair services. In addition, impacted members will be provided information on how to enroll in free credit monitoring.

We are continuing to work closely with Anthem to better understand the cyber-attack and the impact on our employees. Anthem has created a website – www.anthemfacts.com, and a hotline, 1-877-263-7995, for its members to call for more information, and has shared the attached Frequently Asked Questions (FAQs) that further explains the cyber-attack.

What is Anthem doing to help members potentially affected by this incident? All impacted members will be enrolled in identity repair services. In addition, impacted members will be provided information on how to enroll in free credit monitoring.

Fake emails from Anthem regarding credit monitoring

On February 6, 2015, we learned that someone has created a fake email from Anthem regarding credit monitoring.  This email is NOT from Anthem.  Anthem has advised that you NOT click on this email and/or any links within any email regarding this attack.  Attached is screen shot of one of these email messages.

CA residents who have may have been impacted by the cyber-attack against Anthem, should be aware of scam email campaigns targeting current and former Anthem members.  These scams, designed to capture personal information (known as “phishing”) appear as if they are from Anthem and the emails include a “click here” link for credit monitoring. These emails are NOT from Anthem. 

This outreach is from scam artists who are trying to trick consumers into sharing personal data. There is no indication that the scam email campaigns are being conducted by those that committed the cyber-attack, or that the information accessed in the attack is being used by the scammers. 

  • DO NOT click on any links in email.
  • DO NOT reply to the email or reach out to the senders in any way.
  • DO NOT supply any information on the website that may open, if you If you have clicked on a link in email.
  • DO NOT open any attachments that arrive with email.

Anthem is not calling members regarding the cyber-attack and is not asking for credit card information or social security numbers over the phone.

Anthem will contact current and former affected members via mail delivered by the U.S. Postal Service about the cyber-attack with specific information on how to enroll in credit monitoring.

For more guidance on recognizing scam email, please visit the FTC Website: http://www.consumer.ftc.gov/articles/0003-phishing

VCCCD will continue to keep you updated, as we are notified from Anthem.