Say it Ain’t So, Joe
These attackers gained unauthorized access to Anthem's IT
system and have obtained personal information from our
current and former members such as their names, birthdays,
medical IDs/social security numbers, street addresses, email
addresses and employment information, including income
data. Based on what we know now, there is no evidence that
credit card or medical information, such as claims, test
results or diagnostic codes were targeted or compromised.
Joseph R. Swedish
President and CEO
• Anthem business units affected: Anthem Blue Cross, Anthem Blue Cross and Blue Shield, Blue Cross and Blue Shield
of Georgia, Empire Blue Cross and Blue Shield, Amerigroup, Caremore, Unicare, Healthlink and DeCare.
• What information has been compromised?
• Initial investigation indicates that the member data accessed included names, dates of birth, member ID/ social
security numbers, addresses, phone numbers, email addresses and employment information.
• When will I receive my letter in the mail?
• We continue working to identify the members who are impacted. We will begin to mail letters to impacted members
in the coming weeks.
• How can I sign up for credit monitoring/identity protection services?
• All impacted members, former members and impacted affiliated plan members will receive notice via mail which will
advise them of the protections being offered.
• Do the people who accessed my information know about my medical history?
• No - our investigation to date indicates there was no diagnosis or treatment data exposed.
• Do the people who accessed my information have my credit card numbers?
• No, our current investigation shows the information accessed did not include credit card numbers or banking info.
How Bad Is it?
(1) Ebay – 145M; (2) Heartland Payment Systems – 130M; (2) Target – 110M; (3) Sony Online
Entertainment – 102M; (4) TJ Max 94M; (5) AOL – 92M; (6) National Archives and Record
Administration - 76M; (7) Anthem – 80M; (8) Chase – 76M; (9) Epsilon – 60M; (10) Home
Depot - 56M; (11) Evernote – 50M; (12) Living Social – 50M
Medical Data Is More Valuable
Medical records typically include
• Contact information
• date of birth
• Social Security numbers
• Physical characteristics
• Identity theft
• Insurance Fraud
2012 Ponemon Study
• 94 percent of hospitals surveyed had data breach
A Matter of Trust • Data Not Encrypted
• Attorneys general from 10 U.S. states sent a letter to
Anthem complaining that the company has been too slow in
notifying consumers that they were victims of a massive
data breach disclosed last week
• Settled lawsuits from California and Indiana Attorney
Generals over late notification from prior breaches
• All 56 state and territorial insurance commissioners will be
investigating the breach with Indiana, California, Missouri,
Maine and New Hampshire taking lead due to significant
• Over a dozen lawsuits so far.
What Next (from BBB)
• DO NOT take a “wait and see” approach. The type
of information stolen in this case is much more
sensitive and valuable than credit or debit card
data. You must act quickly. Breaches involving
Social Security numbers have the potential for
wide-ranging problems for victims, and the
damage can be difficult to repair.
• Consider taking a preemptive strike by freezing
your credit reports. This will not impact existing
credit cards and financial accounts, but will create
a roadblock for thieves seeking to create
fraudulent accounts using your personal
• At a minimum, if you know your Social Security
number has been compromised, place a fraud
alert on your credit reports. While less effective
than a freeze, this will provide an extra layer of
protection. Click here to learn more about security
freezes and fraud alerts.
• Take advantage of the free credit monitoring
services Anthem will be offering to breach victims.
While this is not a preventative measure, this will
alert you to new accounts or inquiries using your
Social Security number so that you can act quickly
to repair the damage.
• Vigilance is key. Regularly check your credit reports
at annualcreditreport.com for unauthorized
charges or other signs of fraud. (NOTE: This is the
only free credit report option authorized by the
Federal Trade Commission.)
• Expect that scammers will take advantage of this
data breach to send out phishing emails and other
messages that appear to be from Anthem, a credit
bureau or other legitimate companies. Do not
click on links from any email, text or social media
messages about this or any other data breach.
Detecting Medical Identity Theft
• Read medical/insurance
• Look out for
• Bill for medical services not received
• Medical collection notices on credit
report you don’t recognize
• Notice from health plan you reached
your benefit limit
• Unexpected withdrawals from bank
• Debt collection calls for debts that
• You stop getting your bills or other
• Unfamiliar accounts on your credit
• The IRS notifies you more than one
tax return filed under your name
• Accounting of Disclosures
• Ask each of your health plans and medical
providers for a copy of the accounting of
disclosures for your medical records. Identifies
who got copies of your records from the
• May request every 12 months
• Correct any errors in your medical records
• Get copies of your credit reports
Founder of the INTERNET LAW CENTER in Santa Monica
Host of CYBER LAW AND BUSINESS REPORT
Broadcast through Webmaster Radio and iHeartRadio
Nominated for LA Press Club Award for Best Public Affairs Talk Radio Show in 2014
Named One of Most Influential Lawyers in Digital Media and
E-Commerce by Los Angeles Business Journal
Past Co-Chair of the California Bar Cyberspace Committee
Selected By US Dep’t of Commerce to Present on
U.S. E-Commerce Law as part of U.S.-China Legal Exchange