Anthem/Empire BCBS Hit by Hackers
*** UPDATE ***
Anthem, Inc., the parent company of Empire BlueCross BlueShield, issued a press release today announcing that in the coming weeks a letter will be mailed to all current and former members, reaching back to 2004. The letter includes updated information on the cyber attack and advises members that they will be automatically enrolled in an identity repair program at no cost for two years as well as instructions on how to enroll in additional services, including a credit monitoring program, also at no cost for two years. Members can immediately enroll in this service by going online via www.anthemfacts.com or calling the vendor 877-263-7995. Phone lines will be open from 2:00 to 9:00 p.m. ET on Friday, and will be open 9:00 a.m. to 9:00 p.m. ET Monday to Saturday. Spanish-speaking members may access information at AnthemInforma.com, or receive assistance in Spanish at 877-263-7995.
Empire Blue Cross Blue Shield warns of scam emails targeting Empire members. These scams, designed to capture personal information (known as “phishing”) are designed to appear as if they are from Anthem (Empire’s parent company), and the emails include a “click here” link supposedly for credit monitoring. These emails are NOT from Anthem or Empire.
If you receive such an email:
• DO NOT click on any links in the email.
• DO NOT reply to the email or reach out to the senders in any way.
• DO NOT supply any information on the website that may open, if you have mistakenly clicked on a link in the email.
• DO NOT open any attachments that arrive with the email.
Empire also is NOT calling members regarding the cyber attack and is NOT asking for credit card information or social security numbers over the phone. Empire says it will contact current and former members via mail delivered by the U.S. Postal Service about the cyber attack with specific information on how to enroll in credit monitoring. Empire has announced that affected members will receive free credit monitoring and ID protection services.
Anthem was the target of a very sophisticated external cyber attack. These attackers gained unauthorized access to Anthem’s IT system and have obtained personal information from our current and former members such as their names, birthdays, medical IDs/social security numbers, street addresses, email addresses and employment information, including income data. Based on what we know now, there is no evidence that credit card or medical information, such as claims, test results or diagnostic codes were targeted or compromised.
Once the attack was discovered, Anthem immediately made every effort to close the security vulnerability, contacted the FBI and began fully cooperating with their investigation. Anthem has also retained Mandiant, one of the world’s leading cybersecurity firms, to evaluate our systems and identify solutions based on the evolving landscape.
Anthem will individually notify current and former members whose information has been accessed. We will provide credit monitoring and identity protection services free of charge so that those who have been affected can have peace of mind. We have created a dedicated website – www.AnthemFacts.com – where members can access information such as frequent questions and answers. We have also established a dedicated toll-free number that both current and former members can call if they have questions related to this incident. That number is: 1-877-263-7995. As we learn more, we will continually update this website and share that information with you.