Were you one of those that were expecting us to write about Anthem’s cyber attack?
Sorry that we disappointed you last week!
But in response to the requests we’ve received, we are here to deliver today.
For those readers that don’t know what we’re talking about, let’s cover
a bit of history, quoted from Anthem’s own letter to its members:
“On January 29, 2015, Anthem, Inc. (Anthem) discovered that cyber attackers executed a sophisticated attack to gain unauthorized access to Anthem’s IT system and obtained personal information relating to consumers who were or are currently covered by Anthem or other independent Blue Cross and Blue Shield plans that work with Anthem. Anthem believes that this suspicious activity may have occurred over the course of several weeks beginning in early December, 2014.
“The information accessed may have included names, dates of birth, Social Security numbers, health care ID numbers, home addresses, email addresses, employment information, including income data. We have no reason to believe credit card or banking information was compromised, nor is there evidence at this time that medical information such as claims, test results, or diagnostic codes, was targeted or obtained.”
Their letter went on to talk about the Identity Protection Service
Anthem has employed, the toll free hotline they set up, and their fraud
But perhaps you, like we, want to hear about this from at least one, and
even better, many reputable third parties.
A couple of days after Anthem’s letter, Business Insurance posted an article
stating that “Anthem data breach will raise scrutiny of health organizations’ cyber risks.”
“Underwriters are expected to intensify their scrutiny of cyber risks within health care organizations as a result of the massive data breach affecting Anthem Inc., but competition and capacity could limit premium increases.
“There is a question as to whether Anthem “did what they needed to do” in encrypting the personally identifiable data, said Scott L. Vernick, a partner at law firm Fox Rothschild L.L.P. in Philadelphia. According to media reports, Anthem encrypted its data when it was in transit but not sitting on its servers, which is where the attack occurred, and U.S. investigators suspect state-sponsored Chinese hackers are linked to the hack.
“Several lawsuits naming Anthem, the nation’s second-biggest health insurer, as a defendant and seeking class certification already have been filed. Among them is Susan Morris et al. v. Anthem Inc. et al., a suit filed in Santa Ana, California, federal court accusing the health insurer of unfair business practices, breach of covenant of good faith and fair dealing, and other charges. Ms. Morris’ attorney, Aashish Y. Desai of Costa Mesa, California-based Desai Law firm P.C., said he expects the litigation to be consolidated in one jurisdiction, which is usual in comparable national litigation.
“Although there are no indications that the stolen Anthem data has been sold, experts say the data would be far more valuable on the black market than credit-card information because it cannot be canceled or changed.
“The Anthem data can fetch as much as $20 per record in the black market vs. $1 for credit-card data, said Craig Musgrave, senior vice president and chief information officer at Napa, California-based medical malpractice insurer The Doctors Co.”
ABC News posted “5 Things That Could Happen to Your Personal Information:”
1. “File and steal tax refunds: Tax identity cases were up 135 percent in 2014 from 2013, according to the IDT911 fraud center.”
2. “Open new credit cards.”
3. “Apply and secure a loan.”
4. Apply for a job (ok, this one surprised us, too): “An undocumented worker or someone looking to rid of their troubled past could use the information for your stolen identity to find work.”
5. “Pursue medical treatment.”
Did we address all your concerns?
Or did we miss something?
Please share your questions, or your experience, in the comments section below.
Or reach us more privately by completing the form on the Contact Us page.