Anthem Inc., parent company of one of the health insurance providers for University of Colorado faculty and staff, last week announced it was the victim of a highly sophisticated cyberattack in which data of tens of millions of current and past members was accessed.
Because CU employees might be among those affected, Employee Services has been providing email updates on news and information from Anthem. Employees should take precautions to protect personal data, including being especially wary of possible phishing attempts.
Anthem will offer credit monitoring and repair services retroactive to the date of the data breach. Employees may begin calling Anthem’s hotline next week to enroll in these services; details are provided below in an FAQ from Anthem.
Is there information Anthem clients and customers can provide to members who ask about the Anthem data breach?
Anthem encourages anyone with questions to go to AnthemFacts.com or call the toll free number, 1-877-263-7995.
What information has been compromised?
Initial investigation indicates that the member data accessed included names, member ID numbers, dates of birth, Social Security numbers, addresses, phone numbers, email addresses and employment information, including income data.
How will members be notified that their information was in the database?
Anthem is working to identify the members whose information was accessed. This work takes time, and while Anthem is working as fast as it can, Anthem also wants to ensure it correctly identifies everyone who is impacted by this attack. This work is being conducted simultaneously with the FBI and private company Mandiant investigations into the data breach.
Once Anthem has identified all who are impacted, it will begin the process of distributing letters. It expects the mailing to begin in the coming weeks. Anthem will share a more detailed communications timeline once impacted members have been identified.
Anthem will offer identity repair services, which will be retroactive to the date of the potential exposure, and credit monitoring, which is effective if and when affected employees enroll, through a trusted vendor. Anthem is in the final stages of preparation with the vendor, and anticipates members will be able to access the vendor hotline next week. At that time, members will be able to call the hotline and receive identity repair services, and if they chose, can also enroll in credit monitoring. Members will not need to wait until they receive their mailed notification. Anthem will provide more detailed communications once the hotline is available.
Anthem is notifying all impacted members by mail with an offer of free credit monitoring. It will also provide HITECH notice to those consumers affected where required by law. The Anthem IT team also will be notifying members through email, website notice, and media notice, or as otherwise required under a state's breach notice provision for substitute notice. This includes current and prior members.
Can those impacted sign up for credit monitoring and repair services now?
Anthem is in the final stages of preparation with the vendor, and anticipates members will be able to access the vendor hotline next week. At that time, members will be able to call the hotline and receive identity repair services, and if they chose, can also enroll in credit monitoring. Members will not need to wait until they receive their mailed notification. Anthem will offer identity repair services, which will be retroactive to the date of the potential exposure, and credit monitoring, which is effective if and when the consumer enrolls, through a trusted vendor. We will provide more detailed communications once the hotline is available.
Have all Anthem outbound calls stopped? People are very concerned all calls are fraud.
No, Anthem will continue to make outbound calls that are vital for its normal course of business, such as calls from its clinical staff to members who are enrolled in care management programs.
However, Anthem will not make outbound calls to members about the data breach, and will not ask members for their Social Security numbers, credit card or banking numbers with regard to the data breach.
Anthem will contact current and former members via mail delivered by the U.S. Postal Service about the data breach with specific information on how to enroll in credit monitoring. Affected members will receive free credit monitoring and identity protection services.
For more guidance on recognizing scam emails, please visit the FTC Website: www.consumer.ftc.gov/articles/0003-phishing.
Do you recommend members change their password on the secure member site?
While there is no evidence in Anthem's investigation to date to suggest that member information or credentials were compromised related to any Anthem websites, Anthem encourages members and associates to frequently change personal passwords that are used to access sensitive data.