Anthem Cyber Attack Update – Employer Response to Anthem Breach

As Anthem continues its investigation into the cyber-attack on its systems, many employers are wondering how they and their employees are affected and what steps they should take to protect themselves.

Although Anthem has not yet determined the extent of the breach or which individuals' information has been compromised, it has disclosed that all lines of business were impacted, including Anthem Blue Cross and Blue Shield plans in Missouri as well as the HealthLink network. In addition, Blue Cross/Blue Shield members in other states may have been affected, since information is shared among BCBS affiliates using its national network.

Anthem has indicated that personal information of current and past members going back to 2004 may have been accessed during the incident. This information includes names, birthdays, addresses, employment information, member ID numbers, and Social Security numbers. No credit card, banking or other client payment information is believed to have been involved.

Even though as of this time it is not believed that medical claims information was involved, HIPAA’s Privacy and Security rules protect any individually identifiable health information associated with a health plan.

Anthem will be providing all required regulatory and member notices as a result of the breach. This includes its own obligations for fully insured clients as well as the responsibilities of self-funded plan sponsors using ASO services or one of the affected networks. HIPAA regulations do permit these obligations to be contractually delegated to business associates, so notices issued by Anthem will not need to be duplicated by the employer.

In any event, employers will still want to take steps to ensure that employees are protected as much as possible. Although Anthem will be sending notifications to affected individuals (within the next two weeks), employers may wish to be proactive in communicating information about the incident to employees and encouraging them to contact Anthem with specific questions and concerns. Employees should also be encouraged to take advantage of the two years of credit monitoring and identity theft protection services being offered by Anthem for all current and past members who have been enrolled since 2004. In addition, employees should be warned against potential scams conducted by telephone asking for personal information or by email containing outside links.

Anthem has established a dedicated website ( and toll-free telephone number (1.877.263.7995) for questions regarding the incident and the status of Anthem’s response. Anthem will also be holding a town hall meeting webinar to address specific employer concerns:

Click here to register for the Employer Town Hall Meeting

Date: Tuesday, February 17, 2015

Times: 3:30 pm to 5:00 pm Eastern Time; 2:30 pm to 4:00 pm Central Time; 1:30 pm to 3:00 pm Mountain Time; 12:30 pm to 2:00 pm Pacific Time



About Dawn Kramer

Dawn is an attorney and Certified Employee Benefit Specialist (CEBS) in J.W. Terrill’s Consulting Services department. She advises clients on legal and regulatory issues affecting their employee benefit plans.
