- An Anthem press release regarding the hack can be found here.
- HITRUST Cyber Threat Intelligence and Incident Coordination Center will not issue an industry wide alert because it has evidence that the breach specifically targeted Anthem. The hackers are thought to be an “advanced persistent threat (APT) actor, which are usually associated with nation-states. It is suspected that Chinese sponsored hackers were behind the breach. Bloomberg has the whole story. (2/5/15)
- According to Modern Healthcare, it is expected that the breach will shake up the cyber insurance market. (2/5/2015)
- The personal and private information of brokers who sell Anthem insurance was not compromised by the breach. According to an Anthem spokesperson, “Anthem is working closely with brokers to help them assist concerned members and clients.” Additionally, “the carrier e-mailed a letter to all of its affiliated brokers and a link to a tool kit for brokers, including an FAQ for members and a template e-mail that can be used by brokers to send a bulletin to clients informing them about the breach and where to get more information about it.” The insurer has set up http://anthemfacts.com/ as the dedicated website for members to view frequently asked questions and answers and Anthem stated that “it’s going to take about 10 to 14 days to figure out who was affected by the data breach and begin notifying those people.” Employee Benefits Adviser has the whole story. (2/5/15)
- • It did not take long for the hackers to begin targeting those whose data was compromised. Anthem has warned customers to beware of phishing scams targeting those whose data was lost during last week’s breach. Currently there is an email scam that “encourages recipients to click a link for credit monitoring services.” The health insurer has stated that these emails are NOT from Anthem. Additionally, Anthem stated that they are not calling members about the attack. CNBC has the full story. (2/6/15)
- AIG is the primary insurer for Anthem and sources say that the healthcare provider “has $10 million in primary cyber coverage above a $10 million self-retention with Lexington Insurance Co. Overall, Anthem has $150 million to $200 million in cyber coverage, including excess layers.” BI has the full story. (2/6/2015)
- According to PoliticoPro, members of the National Association of Insurance Commissioners announced that state insurance commissioners nationwide will review security at Anthem. Due to the large number of consumers potentially affected, “and the apparent scope of the breach, NAIC anticipates that all insurance commissioners from all 56 states and territories will sign on to the examinations, which will include inspections of all subsidiaries and affiliates of Anthem affected by the breach.” States with the largest Anthem clients are Indiana, California, Missouri, Maine and New Hampshire. (2/6/15)
- Anthem’s systems were not encrypted to protect consumer information. However, “under a 1990s federal law that remains the foundation for healthcare privacy in the Internet age, insurers aren’t required to encrypt consumers’ data.” Modern Healthcare has more on encryption standards for the insurance industry.
- According to cybersecurity expert Brian Krebs, hackers may have gained access to Anthem’s network as far back as April of 2014. His full report can be found here. (2/9/15)
- The National Law Review has published an article about how to best respond to the breach. However, probably better for you to listen to your own legal counsel. (2/12/15)