Update for former Anthem members regarding cyber attack, phishing attempt
Editor’s note: On Feb. 6, Anthem notified UC of a phishing scam related to the cyber attack. The phishing scam, which uses Anthem’s logo [PDF], includes an offer to sign up for a year of credit card protection. If you receive this or a similar email, do not respond to or click on any links. Anthem is not calling or emailing members.
As many of you have heard in the news, Anthem, Inc. disclosed last week that the health insurer was the target of a very sophisticated external cyber attack and that data for its 80 million members was accessed. This potentially includes information about UC students, faculty, staff and retirees, as well as their dependents.
Currently, Anthem is the network provider and claims administrator for UC SHIP, the university’s student health insurance plan, at UC San Francisco, Hastings College of the Law, UC Santa Cruz, UC Irvine (graduate students only), UC Merced, UCLA and UC San Diego. UC Irvine undergraduates and UC Davis students have vision insurance only through Anthem. Anthem provided services for UC SHIP at all campuses from August 2011 through July 2013.
In addition, from 2003 until Jan. 1, 2014, Anthem provided health insurance to certain UC employees and retirees and their dependents.
According to Anthem, the information accessed through the attack includes member names, member health ID numbers/Social Security numbers (Anthem does not possess Social Security numbers for UC students), dates of birth, addresses, telephone numbers, email addresses and employment information, such as the UC campus or medical center location and the separation date.
Anthem has created a dedicated website where current and former Anthem members can find information. Members may also call 1-877-263-7995.
UC is in communications with Anthem to understand the effect of this data breach on current and former Anthem members. Here is a summary of information Anthem has provided:
- Anthem’s investigation to date shows that no confidential health information (e.g., no claims information, no diagnosis) was accessed.
- Anthem has advised UC that there is no indication at this time that any employees’, retirees’ or students’ personal information has been misused.
- Anthem will enroll members affected by the attack in identity repair services. In addition, impacted members will be provided information on how to enroll in free credit monitoring. Anthem will notify affected members only by mail sent through the U.S. Postal Service.
- Once the attack was discovered, Anthem immediately made every effort to close the security vulnerability, contacted the Federal Bureau of Investigation (FBI) and began fully cooperating with its investigation. Anthem has also retained Mandiant, one of the world’s leading cybersecurity firms, to provide incident response and security assessment services.
Additionally, Anthem has provided these Frequently Asked Questions [PDF] that further explain the cyber attack.