Anthem Blue Cross Security Breach (Individual Health)
Anyone who has recently applied for individual health insurance with Anthem Blue Cross and been assigned an online application tracker link needs to be aware of the following unauthorized security breach. Affected applicants will receive notification with details and one year of free identity protection services. No agent has been or likely will be notified of specific applicants (if any) who were affected.
PHI Breach by Individual Applicant, Attorneys
Anthem Blue Cross recently learned of a situation in which a small number of individuals manipulated the web address within the website we use to allow people to track the status of their Individual insurance applications. Through this manipulation, some of these individuals gained unauthorized access to certain private information.
The vast majority of the manipulation and the resulting unauthorized access occurred at the hands of certain attorneys, who were representing an applicant. We believe that this manipulation was conducted to support a class action lawsuit against Anthem Blue Cross or its parent company - over the very breach they were committing.
The ability to manipulate the web address (URL) was available for a relatively short period of time following an upgrade to the system. After the upgrade was completed, a third party vendor validated that all security measures were in place, when in fact they were not. As soon as the situation was discovered, we made the necessary security changes to prevent it from happening again.
Anthem has worked since discovery of this matter to analyze the data in an effort to identify all individuals whose information may have been impacted and prepared to communicate directly to affected members and applicants as soon as possible.
We have received no indication that any information has been used in a way that is detrimental to the applicant; however, out of an abundance of caution, all appropriate applicants will receive a detailed notification from Anthem explaining what happened, and will be offered identity protection services for one year at no cost.
Note: This does not impact Group, Senior or State-Sponsored Business.