Health insurer Anthem, one of the nation’s largest health insurers, has reported a massive data breach and potential theft of tens of millions of pieces of personal information relating to its insureds, including names, birth dates, addresses and Social Security numbers.
According to published reports, the breach may involve personal information of not just current insureds, but former insureds as well. Anthem does not believe health information was compromised, but is working to confirm that. Anthem has a national footprint, including a significant presence in the country’s most populous states, particularly California and New York. It also serves as a third-party claims administrator for many self-insured, employer-sponsored group health plans. Many Lockton clients use Anthem either as an insurer or third-party claims payor. We are working with Anthem to determine which of our customers are affected, and will notify those customers as soon as we learn more from Anthem. According to published sources, the breach occurred last week and involved “sophisticated” efforts. Investigators traced hacked information to an outside internet storage service and locked down the data there, but do not yet know whether the hackers moved some or all of the data to other sites before the lockdown. Anthem has said it will notify — by mail and, where possible, email — everyone whose personal information was stored on the compromised database. Anthem’s website provides additional information about the cyber attack. If you are a current or former Anthem customer, we have prepared a model employee communication that you might find helpful if you desire to communicate with your employees about the data breach. Please click for the model communication (you may need to save before opening).
We will keep you informed as we learn more.
Edward Fensholt, J.D. and Mark Holloway, J.D.
Lockton Compliance Services