Anthem, Inc., the second biggest U.S. health insurer by market value, was the victim of a highly sophisticated cyber-attack that compromised over 78 million current and former members and employees records. The hackers obtained information which included names, birthdays, member ID/Social Security numbers, street addresses, email addresses and employment information, including income data. Based on information to date, there isn’t any evidence to suggest that banking, credit card, medical information (such as claims, test results, or diagnostic codes) were targeted or compromised.
Once Anthem became aware of the cyber-attack, they notified federal law enforcement officials and shared information related to the cyber-attack with the HITRUST C3 (Cyber Threat Intelligence and Incident Coordination Center). Anthem’s Information Security worked to secure all of its members’ data from further attack, and began a forensic IT investigation to determine the number of impacted members and to identify the exact information accessed.
Anthem has also provided a warning regarding scam email campaigns targeting current and former members. These scam email campaigns are designed to capture personal information (known as “phishing”) and appear as if they are from Anthem, often including a “click here” link for credit monitoring. These emails are not from Anthem, and have been created simply to trick consumers into sharing personal data. Members are warned not to click on any links in email, reply to the email, supply any information on the website that may open if you clicked on a link in email or open any attachments that arrive with email.
Anthem is not calling members regarding the cyber-attack nor are they asking for credit card information or social security numbers over the phone. Anthem will contact current and former members via mail delivered by the U.S. Postal Service about the cyber-attack with specific information on how to enroll in credit monitoring. Affected members will receive free credit monitoring and identity protection services.
Anthem created a website (www.anthemfacts.com) where current and former member can access frequently asked questions and established a toll-free number for additional questions (877-263-7995). For more guidance on recognizing scam email, please visit the FTC Website: http://www.consumer.ftc.gov/articles/0003-phishing.