Anthem Blue Cross Security Breach (Individual Health)

Anyone who has recently applied for individual health insurance with Anthem Blue Cross and been assigned an online application tracker link needs to be aware of the following unauthorized security breach. Affected applicants will receive notification with details and one year of free identity protection services. No agent has been or likely will be notified of specific applicants (if any) who were affected.

PHI Breach by Individual Applicant, Attorneys

Anthem Blue Cross recently learned of a situation in which a small number of individuals manipulated the web address within the website we use to allow people to track the status of their Individual insurance applications. Through this manipulation, some of these individuals gained unauthorized access to certain private information.

The vast majority of the manipulation and the resulting unauthorized access occurred at the hands of certain attorneys, who were representing an applicant. We believe that this manipulation was conducted to support a class action lawsuit against Anthem Blue Cross or its parent company - over the very breach they were committing.

The ability to manipulate the web address (URL) was available for a relatively short period of time following an upgrade to the system. After the upgrade was completed, a third party vendor validated that all security measures were in place, when in fact they were not. As soon as the situation was discovered, we made the necessary security changes to prevent it from happening again.

Anthem has worked since discovery of this matter to analyze the data in an effort to identify all individuals whose information may have been impacted and prepared to communicate directly to affected members and applicants as soon as possible.

We have received no indication that any information has been used in a way that is detrimental to the applicant; however, out of an abundance of caution, all appropriate applicants will receive a detailed notification from Anthem explaining what happened, and will be offered identity protection services for one year at no cost.

Note: This does not impact Group, Senior or State-Sponsored Business.

Comments

  1. Ok so I received a letter from Anthem and am somewhat pissed off. Should one year of free monitoring put my mind at ease? No. What happens five years from now when this list resurfaces? What sort of recourse do I have then?

    ReplyDelete
  2. I also received the letter authorizing my Minor Child to have Identity Theft protection. What about us, the parents, whose SSN and other ID information is associated with her records? Why are WE not covered by the Identity Theft protection??!

    ReplyDelete
  3. Anonymous--

    David,
    Sorry it took so long to respond – I wanted to make sure I had the correct answer for you. I just found out we will be sending a separate letter to those who submitted an application for a minor. This explain will clarify that they will have the opportunity to sign up for free credit monitoring if their information was on the application.

    Here is how our customer service reps will respond to this question.

    Q. If a parent or legal guardian applied for individual insurance for a dependent/minor, and their personal information was accessed, will they be also be eligible for credit monitoring?

    A. Yes. We will communicate by letter to parents or legal guardians who applied for individual insurance for a minor, if their information could have been accessed.


    So it is in process to provide protection to any parents/guarians whose information may have been compromised on the minor's application.

    Dave

    ReplyDelete
  4. As a recipient of the letter from Anthem, I am extremely angry that this kind of breach was allowed to occur. One year of identity protection is not enough to make up for all the hassle of protecting the excellent credit I have spent years creating.
    As a self-employed individual, who pays for my time to correct their mistake?
    I certainly hope the CEO will be taking the money out of his own exhorbitant salary and not put it on the backs of people already paying too high premiums.
    Last thing I want to know...how do I sign up for the class action lawsuit?

    ReplyDelete
  5. Here is my question, The application was placed under my name, but the letter was sent to my spouse. Only one activation code was given. Will we also receive another letter like the parent's of the minor child?

    I also want to know if we can jump on the band wagon of filing suite for breach of confidentiality?

    I also want to know what we can do to push for protection for the rest of our lives? This information could resurface at any time. I think the one year protection is like BP trying to cap the oil spill in a "resonable" amount of time. There is a difference between prevention and treatment. I feel we are being victimized twice and yes it also pisses me off!

    ReplyDelete
  6. So let's get this straight. Insurance companies expect us to pay constant rate hikes, deny care, and we're suppose to be O so forgiving of a MASSIVE BREACH of our personal information?

    I had my social security number stolen once in the past but some illegal immigrant. Once was enough.

    What I want to know, with upwards of 800,000 people being a victim, where's the lawyer to pick up a class action suit here? I don't care to alleviate my rights for "one year of credit monitoring".

    A criminal who might have my information can do YEARS OF DAMAGE. I learned that above when some illegal stole my credit card number somehow (and I'm very careful to shred EVERYTHING).

    All I have to say is I hope some ambulance chaser takes on the case against Anthem. My information and that of 100s of thousands of others may be floating out there for someone to utilize.

    Piece of mind...

    ReplyDelete
  7. Great job Anthem! Our info was put to use by ID thieves out of Oakland and has caused nothing but chaos with our accounts.

    1 year of theft protection? Are you kidding? This needs to be a flat out class action lawsuit.

    ReplyDelete
  8. I have not heard anything specific regarding a lawsuit about this identity theft. If I do, I will post a blog on it so that those affected can contact the appropriate parties.

    My sympathies to anyone who has been adversely affected by this security breach.

    ReplyDelete

Post a Comment

Popular posts from this blog

Anthem Blue Cross (CA) Adding SilverSneakers® Fitness Program

2016 Open Enrollment Has Begun

How Will Donald TRUMP ObamaCare?