Anthem Hacked: 80 million customers

"A federal watchdog agency says Anthem Inc. has refused to allow it to conduct vulnerability scans of the health insurer's systems in the wake of its recent massive data breach affecting 78.8 million individuals. Anthem also refused to allow scans by the same agency in 2013." This agency would be involved because Anthem does business with the Federal Government.
Anthem Refuses Full IT Security Audit - GovInfoSecurity

And yet we have to buy insurance and have our private information subject to hackers, not only with Anthem but I am sure other insurers who might take the same stance and that do not encrypt their data. I had read where encrypting the data was not required by law. Wonder if that law will ever change!

Perhaps Anthem is more loosey-goosey than we could ever imagine. My take is that if they had up-to-date safeguards they would have welcomed these audits and used the results to let us know they were doing everything possible to safeguard information. Clearly they didn't and are not.
 
Data-at-rest encryption has been around for a few years. Few have adopted it yet, as there are (were) some early issues (inequality and range queries on encrypted key fields). I'd expect years for it to become law. Upgrade to the vendor's DBMS that supports encryption, get all your other vendors to support that release of DBMS, etc...

That said, you don't have to encrypt data at rest to keep it secure. You just need to not allow hackers through the DMZ. I'm absolutely appalled that Anthem refused an audit; they must have known they had issues. Seriously, it's time for a CIO to be sent to a nice home, free food, orange clothing for a few years.

I spent a couple of years being the auditor's lackey. It's not hard to pass the one audit Anthem did allow; it's just control testing.
 
I received my letter today. While it does not specifically say that my information was compromised it does imply that all 80 million current and former customers are at risk. The free credit monitoring begins on the date of the letter (3/4/15) and continues for 2 yrs. They mention that you can put a fraud alert and/or credit freeze at the 3 credit bureaus. Seems as though the fraud alert is free but for how long is the question I need to clarify.
 
Wow!
I have yet to get a letter from Anthem. Have any others received one?
 
My husband and son each received one over the weekend from Anthem. I received a notice from my retirement system, but nothing directly from Anthem.
 
Thanks Miss Molly. As expected I thought those letters might be slow to get out. USPS must be happy about potentially 80 million more pieces of mail. :)
 
Ours arrived today, or at least 2 letters for the 2 adults in the family did. I'm not sure if my 2 children will get their own notices.


 
My daughter's letter arrived in today's mail. She is a "former customer", not a current one. I dropped her back in 2010 after college graduation and after she obtained coverage from her job. I was "the primary" with her being listed as a minor child on my policy at the time.

Mine has not arrived yet. You would think they would do it "by household" but apparently not.
 
In our situation, although we are all covered by Anthem, they are all different policies. I am covered under my state retirement system. Prior to 2015 the retirement system had us all covered under Humana, so I suspect that's why I didn't get a notice. My husband is covered under an individual policy. My son used to be on the policy with my husband until he graduated college. Once he got a job he was covered by his new employer but still covered by Anthem. He has since moved to yet a different employer but is still covered by Anthem. So my son has had 3 different Anthem policies in 3 years.
 
I received a letter in the mail from Anthem today. It is a form letter and does not specifically say that my information was included in the attack. I'll assume that it was since I have used Empire BCBS for years, on my own and previously when I was still working.

The letter contains most of the same jargon they posted to their website - made to try to make it look like they are a reputable, trustworthy company: as soon as we discovered the attack we immediately began to close the vulnerability, no health information was taken that we know of, we'll give you 2 years of AllClear ID, and here are the websites for the credit bureaus so you can freeze your credit. Blah blah blah.

The form letter also included some handy Fraud Prevention tips. But I noticed they forgot the most important one: don't buy insurance from Anthem if you don't want your identity stolen.
 
Since another BCBS company got hacked, it may just be part of a cost of having insurance as I suspect most companies may be open to some sort of hack. If of course you have US credit cards your max loss is $50 per card, and this is often waived.
I had it happen back in the 1990s, and by writing letters sent certified mail, did manage to work it out. I do suggest not using the phone but sending notices certified mail as that gives you proof things are sent. (One can get a return receipt in an online version for 1/2 the price of the green card.)
 
Received letter for myself and DS, but nothing for DW and DD. Given the recent Target class action settlement, I suspect a class action suit is coming against Anthem and it could be a lollapalooza.
 
Then they'll just pass the costs in higher premiums ...
 
They can only do that if there is not enough free market competition.

These companies who can't protect our data should send their CEOs to the Tort Lawyers Convention and beg them to be sued. It's what they are doing anyway.
 
It did cost the Target CEO his job.

So yeah definitely punish the executives here.
 
Apparently the Anthem hack may be part of specific activity dating back to 2013. Healthcare Breaches Like Premera First Stage Of Bigger Attacks?


"This week brought news of three more healthcare data breaches, one of which left the personal data of 11 million individuals exposed. The incidents raise more questions about why China-based cyberespionage groups have taken a shine to American healthcare data and what plans they have for it. While shining harsh light on the deep cracks in the healthcare industry's security, the recent events also highlight the potential success of information sharing."
 
It would be interesting to know how many Anthem customers have had their identities and credit affected thus far. They should report some of those statistics.
 
Fraud Alert

I froze my account at the three major credit reporting agencies. Anyone also do a fraud alert (the one that's free but only lasts 90 days)? I am assuming that it's not needed but would it help or hurt anything?

Thanks!
 