Company News

Anthem Notifies Employers of ‘External Cyber Attack’

YOUNGSTOWN, Ohio — Anthem Inc., the nation’s second largest health insurer, is notifying companies and individual customers that its security systems have been hacked in what the company calls “a very sophisticated external cyber attack.”

The database contained personal information for 80 million Anthem current and past customers and its employees, according to published reports. As of Dec. 31, Anthem had 37.5 million medical members.

The company, formed in 2004 when Anthem Insurance Co. purchased WellPoint Health Networks, has customers in 14 states. Among its hundreds of affiliations, Anthem is the preferred provider of the Youngstown Warren Regional Chamber, which offers its members “group buying power and significant savings” on their premiums through the company’s Ohio Plan.

Anthem notified affected Ohio businesses of the cyber attack in an email distributed shortly before midnight. The email was signed by Ken Goulet, president of Anthem’s commercial and specialty business division, and Erin Hoeflinger, Ohio Plan president. (The same letter is posted on Anthem Inc.’s website and signed by its president and CEO, Joseph R. Swedish)

“Safeguarding your employee’s personal, financial and medical information is one of our top priorities, and because of that, we have state-of-the-art information security systems to protect your data,” Goulet and Hoeflinger state in the email to Ohio employers. “However, despite our efforts, Anthem was the target of a very sophisticated external cyber attack. These attackers gained unauthorized access to Anthem’s IT system and have obtained personal information from our current and former members such as their names, birthdays, member ID/Social Security numbers, street addresses, email addresses and employment information, including income data. Based on what we know now, there is no evidence that banking, credit card, medical information (such as claims, test results, or diagnostic codes) were targeted or compromised.”

Once the cyber attack was discovered, Anthem notified the Federal Bureau of Investigation and retained Mandiant, a cyber security company, “to evaluate our systems and identify solutions based on the evolving landscape.”

The company said it will “individually notify current and former members whose information has been accessed. We will provide credit monitoring and identity protection services free of charge so that those who have been affected can have peace of mind. We have created a dedicated website (www.AnthemFacts.com ) where members can access information such as frequently asked questions and answers. We have also established a dedicated toll-free number that both current and former members can call if they have questions related to this incident. That number is: 1-877-263-7995. As we learn more, we will continually update this website and share that information with you. And, we developed a memo template and FAQ to help you answer questions you may receive from your employees.

“We want to personally apologize to you and your employees for what has happened, as we know you expect us to protect your information. We will do everything in our power to make our systems and security processes better and more secure, and hope that we can earn back your trust.”

SOURCES: Anthem email to Ohio employers, published reports.

Published by The Business Journal, Youngstown, Ohio.