Was my information accessed?
Anthem is currently conducting an extensive IT Forensic Investigation to determine what individuals are impacted. We are working to determine how many people have been impacted and will notify all potentially impacted individuals for whom we have a valid mailing address through a written communication sent through the mail.
What information has been compromised?
Initial investigation indicates that the data accessed included names, dates of birth, member ID/ social security numbers, addresses, phone numbers, email addresses and employment information.
How can I find out if my information was compromised?
Those potentially impacted by the cyber-attack can confirm what type of personal information (i.e. their social security number, email address, etc.) was accessed by calling AllClear at 877-263-7995. You will be transferred to a phone representative who will ask for your name, date of birth and possibly additional personal information to ensure that we protect your personal health information (PHI.)
Who is responsible for this cyber attack or breach?
Anthem is working closely with federal law enforcement investigators. At this time, no one person or entity has been identified as the attacker.
When will I receive my letter in the mail?
Many letters have already been sent, but we continue working to identify the individuals who are impacted.
How can I sign up for credit monitoring/identity protection services?
Impacted individuals will receive notice via mail which will advise them of the protections being offered. Impacted individuals may also sign up via AnthemFacts.com.
Do the people who accessed my information know about my medical history?
No - our investigation to date indicates there was no diagnosis or treatment data exposed.
Do the people who accessed my information have my credit card numbers?
No, our current investigation shows the information accessed did not include credit card numbers or banking info.
Did this impact all lines of Anthem Business?
At this point in the investigation, it appears that all product lines are impacted except for those current or former Anthem members who only had coverage for workers compensation, life or disability insurance only.
Is my Anthem plan/brand impacted?
The impacted Anthem plans/brands include Anthem Blue Cross, Anthem Blue Cross and Blue Shield, Blue Cross and Blue Shield of Georgia, Empire Blue Cross and Blue Shield, Amerigroup, Caremore, Unicare, HealthKeepers, HealthLink and Golden West.
How can I be sure my personal and health information is safe with Anthem, Inc.?
Anthem is doing everything it can to ensure there is no further vulnerability to its database warehouses. Anthem has contracted with a global company specializing in the investigation and resolution of cyber attacks. We will work with this company to reduce the risk of any further vulnerabilities and work to strengthen security.
Does this impact Blue Cross and Blue Shield plans not owned by Anthem?
Yes, BlueCard members are impacted. The Blue Cross and Blue Shield Association's BlueCard is a national program that enables members of one Blue Cross and Blue Shield Plan to obtain healthcare services while traveling or living in another Blue Cross and Blue Shield Plan's service area. The program links participating healthcare providers with the independent Blue Cross and Blue Shield Plans across the country and in more than 200 countries and territories worldwide through a single electronic network for claims processing and reimbursement.
The independent Blue Cross and Blue Shield plans affected include some members of Arkansas BCBS, BCBS of Alabama, BCBS of Arizona, BCBS of Hawaii, BCBS of Kansas, BCBS of Kansas City, BCBS of Louisiana, BCBS of Massachusetts, BCBS of Michigan, BCBS of Minnesota, BCBS of Mississippi, BCBS of Nebraska, BCBS of North Carolina, BCBS of North Dakota, BCBS of Rhode Island, BCBS of South Carolina, BCBS of Tennessee, BCBS of Vermont, BCBS of Wyoming, Blue Cross of Idaho, Blue Shield of California, Capital Blue Cross, CareFirst BCBS, BCBS of Florida, GeoBlue, HealthNow New York, Highmark BCBS, Horizon BCBS, Hospital Service Association of Northeastern PA, Independence Blue Cross, La Cruz Azul, Lifetime Healthcare, Inc., Premera BCBS, Wellmark BCBS, BlueCross BlueShield of Illinois, BlueCross BlueShield of Texas, BlueCross BlueShield of Oklahoma, BlueCross BlueShield of New Mexico, BlueCross BlueShield of Montana, Regence BlueCross BlueShield (in Oregon & Utah) and Regence BlueShield (in Idaho and portions of Washington state).
I think I received a scam email related to Anthem's cyber attack?
Individuals who may have been impacted by the cyber attack against Anthem, should be aware of scam email campaigns targeting current and former Anthem members. These scams, designed to capture personal information (known as "phishing") are designed to appear as if they are from Anthem and the emails include a "click here" link for credit monitoring. These emails are NOT from Anthem.
- DO NOT click on any links in email.
- DO NOT reply to the email or reach out to the senders in any way.
- DO NOT supply any information on the website that may open, If you have clicked on a link in email.
- DO NOT open any attachments that arrive with email.
Individuals who have provided e-mails to Anthem and have opted in to receiving communications may receive an e-mail directing them to visit AnthemFacts.com to sign up for services. This e-mail is scheduled to be distributed the week of Feb. 16. This email, sent due to state notification requirements, will not ask for personal information and will not contain a link to any websites other than AnthemFacts.com
I received a call from Anthem related to this cyber attack asking for my information, what should I do?
Anthem is not calling individuals regarding the cyber attack and is not asking for credit card information or social security numbers over the phone. All impacted individuals will receive notice via mail which will advise them of the protections being offered to them as well as any next steps.
If you believe you have been a victim of a scam or identity theft crime related to this incident, please file with the Internet Crime Complaint Center (IC3) at www.IC3.gov . Please be as descriptive as possible identifying your complaint as “Anthem” and try to include the following:
- Details on how, when, and why you believe you were defrauded.
- Identifiers of the perpetrators such as names, email addresses, websites, bank fraud information, and beneficiary names.
- Actual or attempted loss amounts.
- Header information from email messages.
- Other relevant information to support your complaint.
Complainants are encouraged to save all original documentation, emails, faxes, and logs from communications in the event you are contacted by Law Enforcement.
Does this impact Blue Cross and Blue Shield Federal Employee Program plans?
Yes, based upon the investigation thus far, it appears that Blue Cross and Blue Shield Federal Employee Program plans members are impacted. The Blue Cross and Blue Shield Service Benefit Plan is part of the Federal Employees Health Benefits Program (FEHBP.)
If I choose to purchase credit monitoring and repair services effective immediately, will Anthem reimburse me?
No. Anthem is contracting with a trusted vendor to provide free identity repair services, which will be retroactive to the date of the potential exposure, and credit monitoring to all those impacted, and will not reimburse for services that you may have independently purchased.
Does the acceptance of Anthem’s offer of 2 years of AllClear ID’s identity theft repair or credit monitoring services cause individuals to waive any legal rights?
Since there is integration between Anthem and HealthEquity, does the breach also compromise employees’ Health Equity account?
Anthem’s research to date indicates that no FSA (Flexible Spending Account) or HSA (Health Savings Account) data was compromised.
What if I am living internationally and need to contact AllClear for identity repair services?
Please contact the international non-toll free number at 512-201-2195.
Are non-Anthem, non-Blue Plan members potentially impacted by the cyber attack?
In some instances, Anthem determined that non-Anthem and non-Blue Plan group health plan members were potentially impacted by the cyber attack. For some self-insured employer group health plans that offered Anthem and non-Anthem health plan options, Anthem may have - as a business associate vendor - received information about non-Anthem members to provide analytics and administrative services. Anthem is providing notice to these potentially impacted non-Anthem members for whom it has a valid mailing address.
Has the FBI released any details as a result of their investigation?
As of 12/1/2015, this is an ongoing investigation and there are no additional details to provide.