February 27, 2015
As many of our members know, Anthem, Inc., a Blue Cross and Blue Shield company,
experienced a sophisticated cyber attack recently that allowed hackers access to
members’ personal information, including information of some of our members at Arkansas
Blue Cross and Blue Shield, BlueAdvantage Administrators of Arkansas and Health
Advantage.
The member information accessed was limited to personal identification data and
includes names, dates of birth, addresses, telephone numbers, emails, health plan
ID numbers, and a small percentage of Social Security numbers (SSN). According to
Anthem, no member credit card, claims or medical information was compromised. Anthem
and Arkansas Blue Cross are in the process of notifying these members and letting
them know that Anthem is offering free credit monitoring and ID theft protection
to them.
Background
The cyber attack that Anthem experienced appears to have begun in early December
2014, but was not detected by Anthem until January 27, 2015, due to the fact that
the unknown intruder used a system identity and password of an Anthem database administrator
that had been hijacked; it took Anthem several more days, to January 29, 2015, before
it was able to determine that an internal database at Anthem had, in fact, been
breached.
Arkansas members affected
Anthem has notified us that 17,050 Arkansas residents covered or administered by
Arkansas Blue Cross, BlueAdvantage or Health Advantage have been affected; only
eight with Social Security number disclosure.
Additionally, 144,865 Arkansas residents covered by Anthem or another Blue Plan
have been affected.
Anthem states where claims were processed
All Blue Cross and Blue Shield companies work independently. However, Anthem serves
as the claims processor for health care services received in the 14 states where
Anthem operates.
February 9, 2015
Be Careful of Email Scams
If you receive an email from Anthem Blue Cross and Blue Shield — and it asks you
to "click here" — it is NOT from Anthem.
- Do NOT click on any links in the email.
- Do NOT reply to the email or reach out to the sender in any way.
- Do NOT open any attachments that may be attached to the email.
If you receive a phone call from anyone who's says they are calling on behalf of
Anthem, and they are asking for credit card information or Social Security numbers,
they are NOT representing Anthem or any Blue Cross and Blue Shield plan. Do NOT
give them any information.
If any members of Arkansas Blue Cross and Blue Shield, Health Advantage or BlueAdvantage
Administrators of Arkansas are affected by the Anthem security breach (and there
is no indication of this at this time), you will be notified via the U.S. Postal
Service with specific information on free credit monitoring and ID protection services.
For more information on recognizing email scams, please visit the FTC website.