Public Employee Press

Cyber attack hits Empire BlueCross BlueShield

"We will be closely following the investigation and continue to express our concern to Empire about the privacy of our members and retirees."
— Willie Chang, DC 37 Health and Security Plan Administrator

The FBI is investigating the recent cyber attack on Empire BlueCross BlueShield, the insurance company used by tens of thousands of DC 37 members.

Anthem Inc., the parent company of Empire, contacted the FBI immediately after it learned about the security breach on Jan. 19. Anthem, the second largest health insurer in the country, also hired Mandiant, one of the world's largest cyber security firms, to evaluate its information technology system and to improve security.

The cyber attack - carried out in 14 states - may have affected as many as 80 million people.

According to Anthem, the stolen information includes names, birth dates, Social Security numbers, street addresses, email addresses and employment information - including income data. Fortunately, no credit card information was compromised. Medical information, such as claims, test results and diagnostic codes, were not targeted or obtained.

Empire is notifying current and former subscribers whose information was stolen and will provide credit monitoring and identity protection services to individuals targeted in the attack.

Anthem has set up a website, www.anthemfacts.com, with frequently asked questions and answers about the security breach. Anthem has also set up a hotline at 877-263-7995 for inquires.

Empire, which is the largest insurer in New York State, briefed the Municipal Labor Committee about the attack during a conference call. The MLC represents the unions of New York City public employees and retirees on health matters. Empire has 4 million subscribers in the city.

Following the cyber attack, Empire issued a press release advising consumers on how they can protect themselves from email scams. This includes emails which appear to be from Anthem and include a "click here" link for credit monitoring.

Empire's advice to recipients of suspicious email:

• do not click any links in possible spam email;
• do not reply to the email or reach out to the senders;
• do not supply information on a website that opens when you click a link in the email message, and
• do not open up any attachments accompanying the email.

"We will be closely following the investigation and continue to express our concern to Empire about the privacy of our members and retirees," said Willie Chang, administrator of the DC 37 Health and Security Plan, who chairs the MLC technical committee. "Unfortunately, the health-care industry is particularly vulnerable to cyber attacks."

Across the country, health-care providers and hospitals are relying more on digital medical records, which are potentially vulnerable to these security breaches. Hospitals and insurers are using new technology for their operations, including virtual doctor visits and "telemedicine," and filling prescriptions through the Internet. Computers, cell phones and other mobile devices are being used for health purposes.

Over the past year, cyber attacks have hit Home Depot, Target, Staples, JP Morgan Chase and Sony Pictures.

For information about how to recognize spam email, visit http://www.consumer.ftc.gov/articles/0003-phising

— GNH