4

Recently, Anthem (a health insurance company somehow associated with Blue Cross Blue Shield and potentially other insurance providers that I am unaware of) was the victim of a large data breach. I've seen reports that Anthem had a vulnerable database with the records of 80 million customers. I've also seen that they haven't informed many of those individuals.

How can I or my family have been affected? Or do I just have to sit around and wait until someone tells me?

On a similar note, how do I take precautions if I have been affected? If my medical information was stolen, there isn't much I can do, is there? For passwords I can change them and not use the same password (which I don't), but is there anything else I should be thinking about?

Thanks!

Fernando
  • Not an answer to your question, but you will want to at least switch your family to a different provider. A compromise of "names, birth dates, member IDs, Social Security numbers, addresses, phone numbers, email addresses and employment information" is **massive**. Your policy can be used fraudulently for major operations, and the company's apparent reaction to the breach thus far does not inspire confidence that you would see much cooperation in disputing any fraudulent usage. – AJAr Feb 11 '15 at 17:17
  • 7
    Since most users of Anthem are so because their employer chose Anthem, saying "switch your family to a different provider" is a non-starter for 99% of us. Few Americans have a choice of insurance providers. – gowenfawr Feb 11 '15 at 17:31
  • Thanks for the info AJAr, but gowenfawr has it right. While I'm not sure if I am directly affected, if I am, switching plans wouldn't be a viable option. – Fernando Feb 11 '15 at 17:36
  • Ah, that's true. Didn't consider that. – AJAr Feb 11 '15 at 18:05

2 Answers

5

First, if you're a current or former member of Anthem (or think you may be), they have a toll-free number you can call for more information on the breach and how you are affected: 1-877-263-7995. They have also set up an FAQ with more information on the scope of the breach. I'd suggest reviewing this to get a better idea of how you've been affected.

What precautions can you take?

  1. You can change your password to any Anthem website, if it makes you feel better, but there's no indication at this point that passwords of any kind were accessed. (It seems to be a customer database that was pilfered, not an application database with authentication credentials.)
  2. Verifying that you don't re-use passwords between sites is generally good practice, which you've said you already follow. A breach can be used as a periodic reminder to review passwords, change weak ones, and reassure yourself that you're not re-using them.
  3. You should definitely monitor your credit, since critical PII (SSN, DOB, all of the sort of information you'd need to set up a financial account) was released. They'll provide free monitoring for some period of time if your information was released, but I'd generally recommend that you should be regularly monitoring your credit in an on-going fashion, regardless of whether your information has been released in a specific breach or not.
  4. No medical or credit card information appears to have been stolen, so no reason to worry about that at this juncture. Again, however, it's always good practice to monitor credit card statements closely. Though they weren't impacted by this breach, they're stolen frequently enough that it's important to always be on-guard against card abuse.
  5. Be extra on-guard for phishing attempts. I've personally had my email released in data breaches lead directly to broadly-targeted phishing attacks. So, be extra wary of emails purporting to be from Anthem, or related to Anthem.
Xander
0

Are you an Anthem customer? Specifically, do you carry an insurance card with "Anthem" written on it? If not, then you're probably safe.

If so, have you received an email from Anthem? Then you're probably impacted by the breach. (This assumes they have the right address for you and it didn't get spam filtered - I found mine in my spam folder).

If you haven't received an email, then contact your human resources representative through the organization you receive your insurance through.

I haven't seen anything that suggests information other than that of subscribers was affected. And if you're a subscriber, there's a chain of command. Your HR department, or whatever group you're insured as a part of, should be getting official communications on this, and should pass them to you if you ask. And you can always call the number on the back of your card, although you'll probably just get generic statements matching what's in the news.

The specific security considerations you might want to consider, if you are included among those whose information was compromised, are general protections against identity theft. That's a broad topic with good advice on this site and elsewhere.

...I don't think you have to worry about threats based on your specific medical history. Firstly, there's no indication detailed medical records were compromised, just subscriber information. Secondly, taking advantage of that sort of thing is somewhat custom - like blackmail - whereas identity theft is relatively wholesale. The attackers are going to cast wide nets with this info, not bait individual hooks.

gowenfawr
  • 1
    I've read that Anthem is NOT sending emails, but rather contacting people through snail mail. If you receive an email, it's probably phishing and will ensure you are compromised: http://krebsonsecurity.com/2015/02/phishers-pounce-on-anthem-breach/ – thursdaysgeek Feb 12 '15 at 00:43
  • I'm an Anthem subscriber, and I got an email from them, with valid Received and DKIM headers to attest as to its validity. It didn't say anything more than you've seen everywhere - "go to AnthemFacts.com for further info" - but it was legitimate. – gowenfawr Feb 12 '15 at 03:06
  • My understanding is that it's not just current customers, so even if you're not an Anthem customer now, but have been in the past, you could still have a problem with this. – Tango Feb 23 '15 at 19:51