A trusted health insurance partner of many Maine people has allowed its systems to be compromised in a break-in that is made worse by their unnecessary collection of customer financial and social security data.
Mr. Joseph Swedish, President and CEO of Anthem attempted to gain sympathy by assuring Anthem’s customers that his information and that of many employees was also compromised.
Much of the damage from this attack could have been avoided if Anthem had followed sensible practices and actually cared about the information security of customers. The editor of this newspaper, John Vedral, forsaw the danger of this type of cyberattack as far back as 1996 when he sponsored legislation to restrict the use of Social Security Numbers and to limit business collection of customer data.
The following is the letter to customers from the President and CEO of Anthem.
To Our Members:
Safeguarding your personal, financial and medical information is one of our top priorities, and because of that, we have state-of-the-art information security systems to protect your data. However, despite our efforts, Anthem Blue Cross Blue Shield was the target of a very sophisticated external cyber attack. These attackers gained unauthorized access to Anthem’s IT system and have obtained personal information from our current and former members such as their names, birthdays, medical IDs/social security numbers, street addresses, email addresses and employment information, including income data. Based on what we know now, there is no evidence that credit card or medical information (such as claims, test results or diagnostic codes) were targeted or compromised.
Once the attack was discovered, Anthem immediately made every effort to close the security vulnerability, contacted the FBI and began fully cooperating with their investigation. Anthem has also retained Mandiant, one of the world’s leading cybersecurity firms, to evaluate our systems and identify solutions based on the evolving landscape.
Anthem’s own associates’ personal information – including my own – was accessed during this security breach. We join you in your concern and frustration, and I assure you that we are working around the clock to do everything we can to further secure your data.
Anthem will individually notify current and former members whose information has been accessed. We will provide credit monitoring and identity protection services free of charge so that those who have been affected can have peace of mind. We have created a dedicated website – AnthemFacts.com – where members can access information such as frequent questions and answers. As we learn more, we will continually update this website and share that information with you. We have also established a dedicated toll-free number that both current and former members can call if they have questions related to this incident. That number is: 1-877-263-7995.
I want to personally apologize to each of you for what has happened, as I know you expect us to protect your information. We will continue to do everything in our power to make our systems and security processes better and more secure, and hope that we can earn back your trust and confidence in Anthem.
President and CEO