Talk to a Lawyer: (855) 984-8100
(816) 984-8100

Anthem, Inc. Data Security Breach

On February 4, 2015, Anthem, Inc.—the second largest private insurer in the country—publically disclosed that its information security system had been breached and the personal details of over 60 million Anthem customers was compromised. We are representing individuals whose information was compromised in this data breach.

According to Anthem’s President and CEO Joseph R. Swedish, the information stolen from Anthem’s data systems includes names, birthdays, medical IDs, Social Security numbers, street addresses, email address, and employment and income information (“personal medical information”).

Although Anthem’s admission was not made public until February 4, 2015, Anthem’s databases were actually compromised on or about December 10, 2014. And, the theft of personal medical information went undiscovered until January 27, 2015. The impact of the breach was felt immediately: within days of Anthem’s announcement, “phishing” emails, crafted so they appear to be from Anthem, began reaching Anthem customers asking them to verify credit card information and personal health information through “click here” links in the emails. Katherine Keefe, global focus group leader for breach response services at Beazley, which underwrites cyber-liability policies, has said “The value to a criminal of having a full set of medical information on a person can go for $40 to $50 on the street. By contrast, a credit card number is often worth $4 or $5.

Anthem’s failures are compound. First, Anthem failed to take adequate and reasonable measures to ensure its data systems were protected and to prevent the data breach in the first instance. Second, Anthem failed to disclose to its customers the material facts that it did not have adequate computer systems and security practices to safeguard customers’ personal data. Third, Anthem waited approximately nine days before it informed its customers of the data breach and theft of their personal medical information.

Because of its inadequate security, Anthem negligently allowed the loss of data of over 60 million records. Anyone who has or has had Anthem Blue Cross and Blue Shield insurance after 2004 is potentially a victim of this theft.

Additionally, Anthem has recently disclosed that through the Blue Cross and Blue Shield Association’s BlueCard Network, the information of non-Anthem members who have other Blue Cross Blue Shield insurance was potentially compromised as well. Anthem as identified the following plans as having potentially been compromised in addition to all Anthem Blue Cross and Blue Shield members: 

Blue Cross and Blue Shield of Georgia Arkansas BCBS
Empire Blue Cross and Blue Shield (New York) BCBS of Alabama
Amerigroup BCBS of Arizona
Caremore BCBS of Hawaii
Unicare BCBS of Kansas
Healthlink (Missouri) BCBS of Kansas City
BCBS of Massachusetts BCBS of Louisiana
BCBS of Michigan BCBS of Minnesota
BCBS of Mississippi BCBS of Nebraska
BCBS of North Carolina BCBS of North Dakota
BCBS of Rhode Island BCBS of South Carolina
BCBS of Tennessee BCBS of Vermont
BCBS of Wyoming Blue Cross of Idaho
Blue Shield of California Capital Blue Cross
CareFirst BCBS BCBS of Florida
GeoBlue HealthNow New York
Highmark BCBS Horizon BCBS
Hospital Service Assoc. of Northeastern PA Independence Blue Cross
La Cruz Azul Lifetime Healthcare, Inc.
Premera BCBS Wellmark BCBS
BlueCross BlueShield of Illinois BlueCross BlueShield of Texas
BlueCross BlueShield of Oklahoma
BlueCross BlueShield of Montana
BlueCross BlueShield of New Mexico
Regence BlueCross BlueShield (Or. & Utah)
Regence BlueShield (in Idaho and portions of Washington state)

 

For more information or to speak with an attorney, please call our office at 855-984-8100 or email Ashlea Schwarz at ashlea@paulllp.com