Anthem health data breach affects millions

It's the new fact of life in this information age, as hackers hit another major company.

This time, hackers broke into a health insurance database storing information for about 80 million people who are, or were, customers of the Blue Cross Blue Shield insurer Anthem.

The nation's second-largest insurer said it has yet to find any evidence that medical information like insurance claims or test results was targeted or taken in a "very sophisticated" cyber attack that it discovered last week. It also said credit card information wasn't compromised. The company said the hackers did gain access to names, birthdates, email address, employment details, Social Security numbers, incomes and street addresses of people who are currently covered or have had coverage in the past.

Michigan Connection?

Anthem's website shows it primarily does business in 14 states. Michigan is not on that list. However, Anthem is part of the national Blue Cross Blue Shield network.

"Blue Cross takes the privacy and security of our members information very seriously," said Andy Hetzel, the Vice-President of Corporate Communications at Blue Cross Blue Shield of Michigan.

Hetzel told Ruth to the Rescue Anthem is a separate company, but they do share information from time to time. For example, if a Michigan resident receives medical treatment in another state serviced by Anthem. Anthem's website lists these 14 states: California, Georgia, Maine, New Hampshire, Virginia, Colorado, Indiana, Missouri, New York, Wisconsin, Connecticut, Kentucky, Nevada, and Ohio.

"We're treating this incident like it could potentially impact our members here in Michigan. So, we're investigating just like we would investigate if our
own systems had been hacked," added Hetzel.

The investigation in Michigan and around the country is ongoing and fluid. "We're investigating, and as we discover the facts we'll be communicating with our members and our customers what's going on and the impact to them," said Andy Hetzel, Vice-President of Corporate Communications at Blue Cross Blue Shield of Michigan.

Hacker Threat Not Going Away

After a series of high-profile hackings that included Target and Home Depot, it's clear the threat is not going away.

"Every day these hackers are getting this information and they're not getting a couple hundred, they're getting a couple million," said T. Berry, a former Detroit police officer and safety expert that often works with Local 4.

"The companies now need to triple their efforts. they're not doing enough," he said.

In 2013, Anthem agreed to pay $1.7 million to resolve allegations it left the information of more than 612,000 members available online because of inadequate safeguards.

The Health and Human Services Department said then that the insurer didn't have adequate policies for authorizing access to the database, didn't perform a needed technical evaluation after a software upgrade, and did not have technical safeguards to verify that the people or entities seeking access were authorized to view the information in the database.

Regarding this incident, CEO Joseph Swedish, who was not running the company when the other breaches occurred, apologized to customers on a website that the insurer established to explain the latest problem, www.anthemfacts.com.

Protecting Yourself

"We do not want to rely on the companies. We want to protect ourselves," Berry told Ruth to the Rescue. He says you can use a "credit freeze" to for companies to call you to verify any new credit applications in your name.

"They're going to call you. Their credit bureau... is going to call you because you have an alert," he said.

You can put a "credit freeze" on your credit by contacting the three credit reporting bureaus Equifax, Experian and TransUnion. When you legitimately apply for credit, you will be forced to jump through a few extra hoops to prove your identity, such as a series of security questions. However, Berry said the extra effort can prevent the huge headaches that come if your identity is stolen.

Ruth to the Rescue also received this information from the Better Business Bureau.

1. Do not take a "wait and see" approach as you may have done with breaches involving credit card data. You must act quickly. Breaches involving Social Security numbers have the potential to be far more detrimental to victims, and the damage can be difficult to repair.

2. Consider taking a preemptive strike by freezing your credit reports. This will not impact existing credit cards and financial accounts, but will create a roadblock for thieves seeking to create fraudulent accounts using your personal information.

3. At a minimum, if you know your Social Security number has been compromised, place a fraud alert on your credit reports. While less effective than a freeze, this will provide an extra layer of protection. Click here to learn more about security freezes and fraud alerts.

4. Take advantage of the free credit monitoring services Anthem will be offering to breach victims. While this is not a preventative measure, this will alert you to new accounts or inquiries using your Social Security number so that you can act quickly to repair the damage.

5. Vigilance is key. Regularly check your credit reports at annualcreditreport.com for unauthorized charges or other signs of fraud. (NOTE: This is the only free credit report option authorized by the Federal Trade Commission.)

6. For more information and complete step-by-step guidance on repairing the damage caused by identity theft, visit the FTC's identity theft resources.

7. Expect that scammers will take advantage of this data breach to send out phishing emails and other messages that appear to be from Anthem, a credit bureau or other legitimate companies. Do not click on links from any email, text or social media messages about this or any other data breach.

Going forward, Berry says don't let your guard down and he hopes companies will step up security. "When your store keeps getting robbed, what do you do? You either put up glass or you hire a security guard, right? Same thing!"


About the Author: