Anthem Hacked: 80 million customers

[meierlde]

If the problem was related to a fishing expedition to get credentials, then its both a social issue, as well as a systems issue. In one senses at least it is then related to the Edward Snowden as the same methods were used, getting access to an administrative password and going to town with it. So it is as much teaching administrators what about when and how it is ok to read email and surf the web as anything else. (Possibly also a sign that the admins are overworked and stressed out, being likley always on call)

 

[Big_Hitter]

IMHO nothing better for the regulators to show an industry you mean business by putting C level execs in orange jumpsuits.

very doubtful that will happen

 

[MRG]

From news reports this is not a HIPPA issue as the data breached was financial and not health records.
But I fully agree those responsible should be held accountable....Just not holding my breath. Those of us vets who had financial, and in some cases actual PHI, breached years ago by VA are still waiting for accountability. And VA has still not fully addressed its underlying issues.

FWIW- does no one else find it rather strange that we are all rushing to put our trust in credit freezes with a huge credit firm (Experian) that has (allegedly) been hacked recently for up to 200 million SSAN's...and cannot even tell who those folks are to notify them?!? I can find no offer of ANY identity theft protection being offered by that company for that data breach- or even waiving their normal credit freeze fees.
States Investigating Data Breach at Experian: Report - NBC News

IMHO- As troubling as these specific incidents are, these cases are symptomatic of the MUCH larger issue of globally lax cybersecurity.

I get it, Anthem lost some of the personal data(that can be PHI) but it didn't contain any treatment or medical information so it's not PHI, and HIPPA doesn't apply to the loss.

One of the issues in determining what has been accessed is the method the attacker used. If they used existing credentials and just ran a query it's tough. There are typically some tiny footprints left from a read only statement, depending on the DBMS, but they disappear very quickly.

I agree many organizations don't seem to have a handle on cybersecurity. We get to pay the cost for their ignorance.

 

[sheehs1]

Starting at 2:00 p.m. today, all consumers affected by the hack can sign up for protective services free for 2 years. Evidently, they are taking this a bit more seriously, perhaps from the backlash they have received thus far. If I am not mistaken and from what I read last night, this may include $1,000,000 repair insurance coverage.
Info is on the Anthem website that was set up for this.

https://www.anthemfacts.com

 

[Bikerdude]

Starting at 2:00 p.m. today, all consumers affected by the hack can sign up for protective services free for 2 years. Evidently, they are taking this a bit more seriously, perhaps from the backlash they have received thus far. If I am not mistaken and from what I read last night, this may include $1,000,000 repair insurance coverage.
Info is on the Anthem website that was set up for this.

https://www.anthemfacts.com

Now if they would only let us know if we were affected.

 

[sheehs1]

Bikerdude…my understanding is that if you are an Anthem customer you get this service. I'll know more when I call them or try to set it up after 2:00 p.m. (if I get to it today).

Here is a copy of the updated notice with todays date. It says nothing about waiting to see if you are affected.

"Anthem Provides Update on Id Theft Services for Members Affected By Cyber Attack"

"Consumers will be able to sign up for identity theft repair and credit monitoring services -- offered free of charge for two years -- beginning Friday at 2 p.m. ET Information on how to enroll will be posted here at anthemfacts.com."
(Updated 2/13/2015)

 

[sengsational]

I just put a freeze on at all three credit bureaus. I did it all online and had no problems. I wonder if I can get Anthem to pay me the $30 I just spent.

Freezing is free for us in NC, so I don't have the issue of paying (besides, all 3 were already frozen).

For those that have to pay $10, I'd write my congress person and b*tch about it. "Why do NC people get it for free and we gotta pay? Especially if we know our personal information is in the hands of hackers?"

 

[Bikerdude]

Bikerdude…my understanding is that if you are an Anthem customer you get this service. I'll know more when I call them or try to set it up after 2:00 p.m. (if I get to it today).

Here is a copy of the updated notice with todays date. It says nothing about waiting to see if you are affected.

"Anthem Provides Update on Id Theft Services for Members Affected By Cyber Attack"

"Consumers will be able to sign up for identity theft repair and credit monitoring services -- offered free of charge for two years -- beginning Friday at 2 p.m. ET Information on how to enroll will be posted here at anthemfacts.com."
(Updated 2/13/2015)

From their Faq web site:

"How can I sign up for credit monitoring/identity protection services?

All impacted members, former members and impacted affiliated plan members will receive notice via mail which will advise them of the protections being offered."


I guess we'll find out at 2pm.

 

[Big_Hitter]

well, it's past 2 pm EST

 

[fidler4]

I was part of the Home Depot hack so I already have a credit watch service through them. What is the point of having another credit watching service.?

When I logged into my Anthem account I get this message saying I am entering into a secure site. Well that is comforting to know.




Sent from my iPad using Early Retirement Forum

 

[Bikerdude]

Well it looks like its Allclear ID protection service. Same as HomeDepot. You get 24 months and can sign up at anytime.

"For additional protection, and at no cost, you may also enroll in the AllClear PRO service at any time during the 24 month coverage period. This service includes credit monitoring and an identity theft insurance policy. Please enroll at https://anthem.allclearid.com/."

 

[ERhoosier]

Freezing is free for us in NC, so I don't have the issue of paying (besides, all 3 were already frozen).

For those that have to pay $10, I'd write my congress person and b*tch about it. "Why do NC people get it for free and we gotta pay? Especially if we know our personal information is in the hands of hackers?"

Good point. STATES can require that their citizens do not pay the freeze fees to credit agencies, and a number have enacted legislation to do so.

 

[explanade]

How do these services protect your ID?

If someone already has the social security numbers, how do they prevent the thieves from taking out fraudulent credit?

I can see the insurance part, reimbursing after the fact? But that would be after the damage is done to your credit?

 

[Bikerdude]

How do these services protect your ID?

If someone already has the social security numbers, how do they prevent the thieves from taking out fraudulent credit?

I can see the insurance part, reimbursing after the fact? But that would be after the damage is done to your credit?

Allclear ID calls you when someone applies for credit in your name. If its you, all is good, if not they help you get it corrected/canceled. However, I don't think they will monitor someone submitting a tax return with your SS#.

 

[audreyh1]

They said mail, not email? So it will take a few days.

 

[MichaelB]

How do these services protect your ID?

If someone already has the social security numbers, how do they prevent the thieves from taking out fraudulent credit?

I can see the insurance part, reimbursing after the fact? But that would be after the damage is done to your credit?

Allclear ID calls you when someone applies for credit in your name. If its you, all is good, if not they help you get it corrected/canceled. However, I don't think they will monitor someone submitting a tax return with your SS#.

Right, although I would add, the credit protection is when someone tries to open new credit through one of the three monitors - Experian, TransUnion and Equifax.

They said mail, not email? So it will take a few days.

So, if you don't hear from them, you'll assume everything is all right?

 

[sheehs1]

My understanding from the phone call I made to AllClear (1-877-263-7995) is this (some of this might be redundant information) :

1) All customers (both current and former) have automatically been enrolled in the AllClearidSecure program. You have to monitor suspicious activity yourself but they do cover any losses IF attributable to the Anthem hack. Follow the links on www.anthemfacts.com to put in your information.

2) IF they determine your record was hacked, you will receive a letter via mail with a redemption code to enroll in AllClearIDPro. This is the monitoring and insurance coverage piece.

All of the above is for 2 years. After 2 years, you can keep it for $8.50/mth versus the supposed $250/month for regular customers. This is what she said and I don't know how that compares to others like Lifelock.

I asked for verification that I am enrolled in the AllClearidSecure program. She couldn't do that but offered to take my information (name and email address) and bump it to her investigators to determine if my record was part of the hack. I will get a phone call within 72 hours with the results. This is faster than snail mail and let's me know to be on the look out for the letter and perhaps will allow enrollment in the AllClearidPro sooner.

Like others have either said or questioned , I don't know what this does that the credit freeze does not do nor is it likely to cover every contingency such as the filing of fraudulent returns. Surely the hackers know or will know of the 2 year "protection" time frame. There will be ongoing risk considering the data stolen.

 

[sheehs1]

They said mail, not email? So it will take a few days.

I think if you follow the links to the Allclear site from the anthem facts.com site and enter your name and email address you may get an email with 72 hours. I did this and it told me the response time was 72 hours. But I hate to presume anything.

Alternatively as you might have read in my previous post, a phone call to All Clear and a request to confirm if you were part of the hack will get you a return phone call in 72 hours. I opted to do this. I will let others know if I actually get that phone call and/or others might want to try this too.

 

[audreyh1]

Right, although I would add, the credit protection is when someone tries to open new credit through one of the three monitors - Experian, TransUnion and Equifax.


So, if you don't hear from them, you'll assume everything is all right?

I really have no idea what to think. I'll keep checking with BCBSTX.

 

[audreyh1]

I think if you follow the links to the Allclear site from the anthem facts.com site and enter your name and email address you may get an email with 72 hours. I did this and it told me the response time was 72 hours. But I hate to presume anything.

Alternatively as you might have read in my previous post, a phone call to All Clear and a request to confirm if you were part of the hack will get you a return phone call in 72 hours. I opted to do this. I will let others know if I actually get that phone call and/or others might want to try this too.

Great - I'll see what you hear and decide what to do.

 

[audreyh1]

OK so it is more specific. We have not used BCBS outside of TX except once for one of us in New Mexico in 1999. And neither Texas nor New Mexico is listed.

This includes customers of Anthem, Inc. companies Amerigroup, Anthem and Empire Blue Cross Blue Shield companies, Caremore, Unicare and HealthLink. Additionally customers of Blue Cross and Blue Shield companies who used their Blue Cross and Blue Shield insurance in one of fourteen states where Anthem, Inc. operates may be impacted and are also eligible: California, Colorado, Connecticut, Georgia, Indiana, Kentucky, Maine, Missouri, Nevada, New Hampshire, New York, Virginia, and Wisconsin.

Thanks much Sheehs1!

 

[sheehs1]

I was part of the Home Depot hack so I already have a credit watch service through them. What is the point of having another credit watching service.?
Sent from my iPad using Early Retirement Forum

Over the phone today Anthem gave me the impression they would only repair things or reimburse losses under the insurance if it was due to the Anthem hack. I'm assuming they can tell if (1) the damage required having your SSN number and (2) you are on their hack list.

I have to assume the others have the same policy. So let's say you suffered some damages. Could there be a situation where Home Depot says "not their fault" pointing the finger back to the Anthem hack? Did the Home Depot hack get your SSN number or just your credit card info? If the damage required having your SSN, Home Depot may say, sorry…(assuming that hack did not get your SSN).

Can't imagine but you get where I am going with this.

It might be more of a cover all bases sort of thing.

 

[ERhoosier]

They said mail, not email? So it will take a few days.

In this case, snail mail may be more secure. There are already phishing e-mails claiming to be from Anthem and wanting you to go to their bogus links to give up your personal info. I would ONLY use trusted contacts like Anthemfacts.com that YOU type into your browser yourself (not using 3rd party email link which could send you to fake site) or the AllClear phone #. Scam artists tend to use any incident to their advantage

 

[sheehs1]

Well….for the folks that are interested...…I received an email this morning from AllClearID. That was fast. I now need to verify that AllClear is sending emails because not only was it another apology from Anthem, it verified my automatic enrollment in the first tier AllClearIDSecure AND it told me "affected individuals" can enroll in the AllClearIDPRO. Without coming out saying I was affected it gave me a redemption code to sign up of the Pro piece indicating ...yep….the hackers got my record as only those affected can sign up.

I did everything from the anthemfacts.com site, placed my phone call yesterday to the number provided by that site, clicked on the link on that site for the AllClearID sign up, entered only my name and email address as requested.

Anyone think I should be suspicious that I got the "email" with the AllClearIDPRO redemption code this morning? The only thing I was expecting was perhaps an acknowledgement that I was affected. I thought if I was, the redemption code would come via mail. I will call Anthem and see what they say.

 

[MichaelB]

OK so it is more specific. We have not used BCBS outside of TX except once for one of us in New Mexico in 1999. And neither Texas nor New Mexico is listed.

Good news for most Blue Card policy holders.

Thanks much Sheehs1!

+1

Anyone think I should be suspicious that I got the "email" with the AllClearIDPRO redemption code this morning? The only thing I was expecting was perhaps an acknowledgement that I was affected. I thought if I was, the redemption code would come via mail. I will call Anthem and see what they say.

There doesn't appear top be any risk of signing up with the redemption code on the AllClear website. I signed up last week with the Home Depot breach, and the redemption code didn't work on the normal enrollment page. It required a separate link provided by HD.

It seems to me Anthem just decided to extend AllClearPro to everyone, that trying to parse and segment to control this was too complex and risky.

Edit: I signed up at AnthemFacts, and received the email a few minutes later. The redemption code doesn't work on the normal signup page of AllClearPro, a separate link for Anthem customers is needed. If it exists I can't find it.