By Jocelyn Baird, NextAdvisor.com
Health insurance provider Anthem announced late Wednesday, Feb. 4 that it had experienced a massive security breach which exposed the information of up to 80 million of its current and former customers, as well as employees. A letter sent to customers by email and posted on the Anthem website from company president and CEO Joseph R. Swedish informed of a "very sophisticated external cyber attack" in which hackers gained access to the Anthem IT system. Although initially there were no known suspects or motive, new information within the investigation has pointed toward Chinese state-sponsored hackers as the perpetrators, according to Bloomberg Business. President Obama's cybersecurity adviser Michael Daniel called the attack "quite concerning" during a Bloomberg Business seminar on Feb. 5.
What Anthem customer information was exposed?
The investigation by Anthem, the FBI and cybersecurity firm Mandiant has determined that information of customers -- both current and former -- as well as employees was exposed during this attack. The information compromised includes names, birth dates, medical ID numbers, social security numbers, home addresses, email addresses and employment information (including income). At this time, there is no reason for Anthem to believe credit card or medical information, such as claims or test results, were targeted or stolen. However, the sheer volume of information that was accessed is incredible.
According to the company's website, this Anthem hack extends across all of its businesses -- including Anthem Blue Cross, Anthem Blue Cross and Blue Shield, Blue Cross and Blue Shield of Georgia, Empire Blue Cross and Blue Shield, Amerigroup, Caremore, Unicare, Healthlink and DeCare.
What is the response to this Anthem hack?
According to the letter from Swedish, as soon as the attack was discovered, the company began working internally to close the breach and contacted the FBI to investigate what happened and how. Anthem has also retained Mandiant, a private cybersecurity firm, to help assess and improve its current systems. Customers were notified immediately by email, and Anthem also set up a website -- www.anthemfacts.com -- that people can visit to get up-to-date information on the investigation. Once it has determined which customers were exposed, Anthem will be sending letters by postal mail with more information -- including how they can sign up for free credit report monitoring and identity theft protection service.
As of yet, Anthem has not said which service it will be offering credit monitoring and identity theft protection through. In addition to the website, Anthem has set up a toll-free phone number you can call for more information. When this number is called, customers will hear a recording with information about the attack and have the option to speak with an Anthem representative if they have any questions.
I'm an Anthem customer; what can I do to protect myself?
Although the company's response has been swift and proactive, the sad fact is that if you are an Anthem customer your information is potentially already in the hands of criminals. Here are some steps you can take to protect your identity in the coming weeks:
1. Sign up for identity theft protection on your own. While it's nice that Anthem will be offering affected customers free credit report monitoring and identity theft protection, often the plans offered after data breaches don't measure up. Because so much information was exposed in this attack, you are going to want an all-inclusive identity theft protection service that offers regular credit reports, Internet black market monitoring and identity theft assistance. Our top-rated service, Identity Guard, offers all of this for the reasonable monthly price of $14.99. Since many insurance plans cover the whole family, many parents will be scrambling to protect their children's identities as well as their own. TrustedID offers a cost-effective family plan that covers all family members living at the same address for just $18/month with an annual plan.
Both services offer a free trial -- 30 days for Identity Guard and 14 days for TrustedID -- so if you aren't sure whether you'll want or need it, you can sign up now and cancel later. Depending on how quickly Anthem rolls out its free service, you can even sign up for both and compare. Canceling within the trial period will ensure you don't pay a thing, while keeping your identity protected.
2. Be suspicious of strange phone calls, letters and emails. Although phone numbers were not listed among the data exposed, it's good to cover all of your bases. Be on the lookout for calls, letters and emails that claim to be from Anthem which ask you to provide your personal data to prove your identity. Anthem has already sent emails to customers and has said it will be sending those affected a letter by mail. It is unlikely that any legitimate correspondence from Anthem will ask you to divulge sensitive information or give them money. If you receive an email urging you to click a link or log onto your health insurance account, do not click the link. Instead, visit the website in a separate browser window and log in that way to check for any alerts that have been sent to your account. Similarly, regard any phone calls with suspicion -- it's best to find out what the caller wants, hang up and call the customer service number on the back of your insurance card to determine if the call is legitimate.
3. Shred your junk mail and documents before throwing them out. Any time your home address is exposed, you are at risk. Identity thieves are not above digging through your trash to find discarded credit card offers or other old mail and documents they can use to exploit your identity for their own gain. Ripping up old mail yourself simply won't cut it -- the best option is to invest in a cross-cut shredder, which will completely destroy documents so they cannot be pieced back together.
4. Protect your medical identity. We all know the dangers of having our credit cards and banking information stolen, but do you know the dangers of medical identity theft? Because medical ID numbers and social security numbers were exposed in this attack, you should be on the lookout for suspicious medical bills for procedures or treatments you did not receive. It is also a wise idea to carefully read any and all statements you receive from your insurance provider, especially considering in this case it is your insurance provider that has been hacked.
5. Be on alert for tax identity theft. This breach couldn't have happened at a worse time of year for people concerned about tax identity theft. Not only did personal information get taken, but income information was also exposed, leaving Anthem's customers and employees vulnerable to have fake tax returns filed in their names. One of the best ways to help protect yourself from becoming a victim of tax identity fraud is to file your taxes immediately — if you haven't already — and consider opting for electronic filing over mailing in paper forms, since electronic files are processed much quicker.
Anytime a company as large as Anthem is breached, the repercussions are felt long after. To learn more about how to protect your identity and continue following this story, visit our identity theft protection blog.
This blog post originally appeared on NextAdvisor.com.