Some Blue Cross policyholders in Idaho and Washington states are among the 91 million people who had their personal information compromised in a cyber-attack. Anthem Blue Cross Blue Shield and Premera Blue Cross have reported cybersecurity breaches affecting the personal information of more than 91 million policyholders – as many as one in four Americans. State insurance regulators are monitoring the breaches and urge any affected persons to take precautions to protect yourself from theft and identity fraud.
In late January 2015, Anthem, Inc., an independent Blue Cross Blue Shield carrier in 14 states discovered it was the target of a very sophisticated external cyber-attack on its information systems. The Anthem cyber-attack compromised personal information for around 78.9 million people, most of whom are current and former Anthem members.
Anthem discovered the unauthorized access of consumer information including member names, member health identification numbers, dates of birth, Social Security numbers, addresses, telephone numbers, email addresses, employment information and income data.
Based on Anthem’s ongoing analysis, the personal information of around 100,000 Idahoans were likely impacted by the Anthem cyber-attack. According to Anthem’s raw initial analysis, approximately 25,000 Blue Cross of Idaho members were impacted by the Anthem cyber-attack of which approximately 9,000 are Idaho residents. The rest reside outside of Idaho. Blue Cross of Idaho is a separate company from Anthem or Premera and was not a direct part of the cyber-attack.
In mid-March 2015, Premera Blue Cross, serving Washington and Alaska, announced that it discovered consumer information had been compromised including applicant and member information, which could include member name, date of birth, email address, address, telephone number, Social Security number, member identification numbers, bank account information, and claims information, including clinical information. Individuals who do business with Premera and provided their email address, personal bank account number or Social Security number are also affected.
What are the companies doing to protect my information?
Anthem notified the Federal Bureau of Investigation once the breach was discovered, and is working with a cybersecurity firm to evaluate the extent of the attack. They have sent notices to their customers and are responding to consumer questions. They will be providing free credit monitoring and identity protection services to all who were affected.
Premera is also working with the FBI and a cybersecurity firm and are providing consumers with two years of free credit monitoring and identity theft protection from Experian ®. Premera is beginning to mail letters to affected individuals. If you believe you may have been impacted and have not received a letter by April 20, 2015, you should call 800-768-5817. Premera has indicated it will offer free credit monitoring and identity theft protection to all people impacted by the breach. These free services are available for two years. Affected policyholders are required to activate the offer.
What should you do if your personal information was compromised?
Most importantly, stay calm, but continue to monitor your personal financial information. Both companies have said they are not yet aware of any fraudulent activity against policyholders because of the breach. However, as with any data breach, you should be on the lookout for suspicious account activity or anyone asking to collect sensitive information, like usernames, passwords and credit card information (referred to as phishing). It is important that you take action immediately to protect yourself.
It’s critical that each policyholder review his/her explanation of benefits (EOB) each month to monitor any fraudulent healthcare activity. If a policyholder suspects fraud, such as medical services received in an area of Idaho or the United States he/she did not visit, please contact the fraud hotline at 800-682-9095.
If you are an Anthem consumer, call 877-263-7995, the toll-free number they have established to assist consumers. Anthem has also set up a special website at www.anthemfacts.com to answer questions. If you think you might be affected by the Premera breach, visit http://www.premeraupdate.com/ or call 800-768-5817.
Sources: Idaho Department of Insurance, News Release – March 20, 2015; Premera Blue Cross and Blue Cross of Idaho, Broker Notifications – March 17, 2015