We have just become aware that Anthem, Inc., the parent company of Anthem Blue Cross and Blue Shield, is the victim of a highly-sophisticated cyber attack. Anthem has informed us that its member data was accessed, and information about our clients could be among the data.
We are working closely with Anthem to better understand the impact on its members. Here is what we do know:
- Once Anthem determined it was the victim of a sophisticated cyber attack, it immediately notified federal law enforcement officials and shared the indicators of compromise with the HITRUST C3 (Cyber Threat Intelligence and Incident Coordination Center).
- Anthem’s Information Security has worked to eliminate any further vulnerability and continues to secure all of its data.
- Anthem immediately began a forensic Information Technology (IT) investigation to determine the number of impacted consumers and to identify the type of information accessed. The investigation is still taking place.
- The information accessed includes member names, member health ID numbers/Social Security numbers, dates of birth, addresses, phone numbers, email addresses and employment information, including income data. Social Security numbers were included in only a subset of the universe of consumers that were impacted.
- Anthem is still working to determine which members’ Social Security numbers were accessed.
- Anthem’s investigation to date shows that no credit card or confidential health information was accessed.
- Anthem has advised us there is no indication at this time that any of our clients’ personal information has been misused.
- All impacted Anthem members will be enrolled in identity repair services. In addition, impacted members will be provided information on how to enroll in free credit monitoring.
We are continuing to work closely with Anthem to better understand the cyber attack and the impact on our employees. Anthem has created a website – www.anthemfacts.com, and a hotline, 1-877-263-7995, for its members to call for more information, and has shared the attached Frequently Asked Questions (FAQs) that further explains the cyber attack.
We will continue to keep you updated on Anthem’s ongoing investigation in hopes to find out who committed the attack, and why. Please feel free to contact Share Declet at (757) 727-6610 if you have any questions.
Please see the notice below, and note that Anthem will individually notify current and former members whose information has been accessed.
Anthem has set up a dedicated website: www.anthemfacts.com where you can access more information or you may call them at 1-877-263-7995 if you would like to speak to someone about this incident.
To our valued customers:
Safeguarding your employee's personal, financial and medical information is one of our top priorities, and because of that, we have state-of-the-art information security systems to protect your data. However, despite our efforts, Anthem was the target of a very sophisticated external cyber attack. These attackers gained unauthorized access to Anthem's IT system and have obtained personal information from our current and former members such as their names, birthdays, member ID/Social Security numbers, street addresses, email addresses and employment information, including income data. Based on what we know now, there is no evidence that banking, credit card, medical information (such as claims, test results, or diagnostic codes) were targeted or compromised.
Once the attack was discovered, Anthem immediately made every effort to close the security vulnerability, contacted the FBI and began fully cooperating with their investigation. Anthem has also retained Mandiant, one of the world's leading cybersecurity firms, to evaluate our systems and identify solutions based on the evolving landscape.
Anthem's own associates' personal information - including our own - was accessed during this security breach. We join you in your concern and frustration, and we assure you that we are working around the clock to do everything we can to further secure your employees' data.
Anthem will individually notify current and former members whose information has been accessed. We will provide credit monitoring and identity protection services free of charge so that those who have been affected can have peace of mind. We have created a dedicated website (www.AnthemFacts.com) where members can access information such as frequently asked questions and answers. We have also established a dedicated toll-free number that both current and former members can call if they have questions related to this incident. That number is: 1-877-263-7995. As we learn more, we will continually update this website and share that information with you. And, we developed a memo template and FAQ to help you answer questions you may receive from your employees.
We want to personally apologize to you and your employees for what has happened, as we know you expect us to protect your information. We will do everything in our power to make our systems and security processes better and more secure, and hope that we can earn back your trust.
Ken GouletPresident, Commercial and Specialty Business
Virginia Plan President