COLUMBUS — Ohio Lieutenant Governor and Department of Insurance Director Mary Taylor has issued a consumer alert to help keep Ohioans informed after the recent announcement of a cyber-attack on Anthem Blue Cross Blue Shield. The cyber-attack exposed the personal information of both current and former Anthem members and policyholders.
“Cybersecurity is an increasingly serious issue impacting more than just insurance companies as several major companies have recently fallen victim to hackers and cyber-attacks,” Taylor said. “In order to protect consumers and their personal information, companies must be vigilant in their efforts to secure their systems and data. I will continue to work with regulators across the country to identify the scope of the Anthem attack and seek solutions to protect personal consumer and health information.”
Taylor is urging consumers to take action to protect their information, including using identity protection that Anthem is providing, using common sense when providing sensitive information, and being aware of phishing attempts and other fraudulent activity.
In late January, Anthem discovered the unauthorized access of consumer information including member names, member health identification numbers, dates of birth, Social Security numbers, addresses, telephone numbers, email addresses, employment information and income data. At this time, it does not appear that medical information was accessed and Anthem is not aware of any fraudulent activity against policyholders that has occurred as a result of the breach.
What is Anthem doing to protect my information?
Anthem notified the Federal Bureau of Investigation once the breach was discovered, and is working with a cybersecurity firm to evaluate the extent of the attack. Anthem will be providing two years of identity protection services for all customers who have been Anthem members in the last 10 years.
What should I do now?
- Most importantly, stay engaged and continue to monitor the situation closely. Consumers should look for notification from Anthem. The notification may come via email or mail, but Anthem will not be asking for sensitive information via email or phone.
- Consumers who have provided e-mails to Anthem and have opted in to receiving communications may receive an e-mail directing them to visit www.anthemfacts.com to sign up for services. This e-mail is scheduled to be distributed the week of Feb. 16. and will not ask for personal information and will not contain a link to any websites other than www.anthemfacts.com.
- However, as with any data breach, be on the lookout for suspicious activities that may try to phish or collect sensitive information, like user names, passwords and credit card information. It is important that you take action immediately to protect yourself.
- Call 877-263-7995, the toll-free number Anthem has established to sign up for the free identify protection services. Anthem has also set up a special website at www.anthemfacts.com to answer questions and consumers can also sign up for services from that website. Be sure to type in the web address directly.
- Pay close attention to any link sent by emails or social media, as scammers will try to take advantage of the breach. Often they will send phishing emails that appear to be from your bank or Anthem offering to help.
- You may want to consider placing a freeze on your credit report with the three major credit reporting agencies. This allows you to restrict access to your credit report, making it more difficult for identify thieves to open new accounts in your name. Be sure to protect the information of your family as well – including children and elderly parents.
- Contact your bank or credit-card company if you notice suspicious activity on your account. You may ask them to put a security block on your account or preemptively request a new credit or debit card.
- Make sure to closely monitor your accounts, credit score, bank, credit card and other financial information.
Designed to capture personal information (known as “phishing”), these scams appear as if they are from Anthem. The emails include a “click here” link for credit monitoring. These emails are NOT from Anthem. Anthem is not calling members regarding the cyber-attack and is not asking for credit card information or social security numbers over the phone. This outreach is from scam artists who are trying to trick consumers into sharing personal data.
There are also two types of fraud alerts that a consumer can initiate to help protect themselves. An initial alert can be placed on your credit report if you suspect you have been, or have the potential to be, a victim of identity theft. An initial fraud alert stays on your credit report for at least 90 days. You may have an extended alert placed on your credit report if you have already been a victim of identity theft but must provide appropriate documentary proof. An extended fraud alert stays on your credit report for seven years.
You can place a fraud alert on your credit report by calling the toll-free fraud number of any of these three national credit reporting agencies: