Please Note: All updates regarding Anthem are on this page in order of most recent to oldest.
March 5 | February 18 | February 13
March 5, 2015 - Anthem Data Breach Update
We'd like to update you on the progress and process of member notifications by Anthem for those impacted by the cyber-attack across the country, and among Excellus BlueCross BlueShield plan's membership, in particular.
We have a dedicated team working every day with Anthem to help them accurately match files for proper membership notifications to occur. Generally, we're confident the attack impacted a low percentage of our membership, but the specific numbers continue to be fluid, so we think it would be unproductive to cite a number today, knowing it will be updated tomorrow and in the weeks to come. As impacted members are identified, notifications by Anthem will occur without delay. In fact, a sample notification letter we've attached here, shows specifically what impacted members will be told, including the services offered to them:
View Anthem sample communication (PDF)
Anthem has informed us that starting the week of March 9, notification letters to nonAnthem members will be sent. Additional notifications will take place as more impacted individuals become identified. We want to emphasize that from the start, we have supported Anthem offering credit monitoring services to not only those who it knows were impacted but also to those members concerned that they may have been impacted.
The difficulty of providing precise numbers of memberships impacted plan by plan at this stage is based on a host of factors that are still being sorted out. For example, some impacted may be former members of a plan, some are deceased, others could be residents in upstate New York in our area who are employees of a company headquartered in another state but who got medical services over the past 10 years in any of the multiple states where Anthem operates. That last scenario involves multiple Blue Cross Blue Shield companies. So, the membership files for those kinds of cases is what makes it tricky to provide a general report of membership impacts plan by plan.
Specifically for self-funded group arrangements, Anthem has submitted breach notification filings to the required state and federal regulators, including the Office for Civil Rights and the Centers for Medicare & Medicaid Services, both for itself and on behalf of other affected covered entities. This is expected to fulfill the filing requirements established by law and detailed in our respective Business Associates agreements for all affected Blue Cross Blue Shield plans, including Excellus BCBS, as well as their ASO accounts.
The key focus is ensuring that our members' needs are being met. That's why we support Anthem's approach to err on the side of the customers and offer the remedy ahead of knowing whether they were victims of the breach. Any and all members who were impacted by the breach – whether they were Anthem's member, our member or another BCBS plan's member – will be properly notified and offered credit monitoring and identity theft protection.
If you have any questions, please contact your account consultant.
Back to the top
February 18, 2015 - Anthem Data Breach Update: Credit Protection Now Available
As reported in the February 13 Broker News, we are collaborating with Anthem Blue Cross Blue Shield to determine if any of our members were impacted by the February 5 data breach. In the meantime, Anthem has updated their website with credit protection for any Blue Cross and Blue Shield member, starting in 2004 and including current members.
We will be contacting any identified Excellus BlueCross BlueShield members who are directly impacted by the data breach as soon as possible, however any members who feel they may be at risk are encouraged to sign up for credit protection offered by Anthem at no charge.
For your reference, we've included the February 13 Broker News article below:
Back to the top
February 13, 2015 - Update: Anthem Data Breach
A number of you have contacted our health plan asking (a) whether any members of Excellus BlueCross BlueShield were impacted by the cyber attack on Anthem that was announced around February 5, and (b) what services will be made available by Anthem to protect those members.
As to the first question, Anthem is in the process of sharing files that we're reviewing to better assess what members might have had information that was compromised during the breach as a result of receiving services in Anthem markets, but we have no details to offer up yet. When we and Anthem identify any impacted customers of ours, a formal notification process will take place that directly informs the impacted customer and offers up services.
As to the second answer, we wanted to let you know that Anthem just announced on February 11 that it will be offering two years of free identity protection services to any member impacted by the cyber attack. It's also offering the same services if any Excellus BlueCross BlueShield member was impacted as well, even though we are a separate company. If Anthem and we identify a member of ours that was impacted by the breach, that member would be formally notified and offered those services. Details about those protections and the means of getting those services will be announced very soon on the special website that Anthem has set up for this: AnthemFacts.com
Back to the top