Cyber Security Breach victims should take pre-emptive steps, even if compromised status is unconfirmed.
Anthem is not calling members regarding the cyber attack and is not asking for credit card information or Social Security numbers over the phone. For more guidance on recognizing scam email, please visit the FTC Website: http://www.consumer.ftc.gov/articles/0003-phishing. Anthem has a helpful FAQ page.
The Wall Street Journal reported last week that security experts involved in the ongoing forensics investigation into the Anthem cyber security breach say the servers and attack tools used in the attack on Anthem bear the hallmark of a state-sponsored Chinese cyber espionage group known by a number of names, including “Deep Panda,” “Axiom,” Group 72,” and the “Shell_Crew,” to name but a few.
Jeremiah Grossman, CEO of WhiteHat Security, cautions that there’s a good chance other health insurance organizations are already compromised and just don’t know it yet. [There are indications that the Anthem cyber security breaches began April 2014.] “As these things happen, it would not be surprising if other healthcare institutions reveal that they’ve been compromised. Often enough, cyber-criminals work in coordinated teams and target market segments, and not just a single entity.”
There are steps you can take. Out of precaution you may want to consider taking these steps pre-emptively, that is, without waiting to discover that your information has been compromised. If compromised, it would be too late in many instances. There is a wide array of steps. Some as simple as monitoring. Some more complex, like freezing credit reports. Others are just general awareness. Know your options and make wise decisions in regard to your personal information – personal identity.
You should be aware of scam email campaigns targeting current and former Anthem members. These scams, designed to capture personal information (known as “phishing”), are designed to appear as if they are from Anthem and the emails include a “click here” link for credit monitoring. These emails are NOT from Anthem.
- DO NOT reply to the email or reach out to the senders in any way.
- DO NOT supply any information on the website that may open, if you have clicked on a link in email.
- DO NOT open any attachments that arrive with email.
Freeze on SSN credit reports
Take a preemptive strike by freezing your credit reports. A security freeze would prevent anyone — even you — from accessing your credit report, a first step in establishing a new line of credit. This will not impact existing credit cards and financial accounts, but will create a roadblock for thieves seeking to create fraudulent accounts using your personal information.
How can I implement a freeze?
To be effective, a freeze must be set up with all three credit bureaus:
- Experian: https://www.experian.com/freeze/center.html
- Equifax: https://www.freeze.equifax.com
- Transunion: https://freeze.transunion.com
Place a fraud alert on your credit reports.
A fraud alert flags your credit reports, alerting potential lenders to verify the identity of anyone attempting to open an account in your name. Fraud alerts are free and don’t interfere with your ability to receive instant credit. However, fraud alerts rely entirely on the diligence of the person performing the credit check. Fraud alerts are also temporary, and must be reinstated every 90 days in most cases.
Phishing Email
Expect that scammers will take advantage of this cyber security breach to send out phishing emails and other messages that appear to be from Anthem, a credit bureau or other legitimate companies. Do not click on links from any email, text or social media messages about this or any other data breach.
Free Identity Protection Services provided by Anthem include:
- Identity Theft Repair Assistance:
Should a member experience fraud, an investigator will do the work to recover financial losses, restore the member’s credit, and ensure the member’s identity is returned to its proper condition. This assistance will cover any fraud that has occurred since the incident first began.
- Credit Monitoring:
At no cost, members may also enroll in credit monitoring, which alerts consumers when banks and creditors use their identity to open new credit accounts.
- Child Identity Protection:
Child-specific identity protection services will also be offered to any members with children insured through their Anthem plan.
Additionally customers of Blue Cross and Blue Shield companies who used their Blue Cross and Blue Shield insurance in one of fourteen states where Anthem, Inc. operates may be impacted and are also eligible: California is included in the more extensive list. You should also pay attention to this threat if you were a member of Anthem in the last 10 years, even if you are not currently receiving services, you data has been accessed in the cyber security breach.
AllClear ID
AllClear ID is ready and standing by to assist you if you need identity repair assistance. This service is automatically available to you with no enrollment required. If a problem arises, simply call 877-263-7995 and a dedicated investigator will do the work to recover financial losses, restore your credit, and make sure your identity is returned to its proper condition. Call centers are open Monday to Saturday from 9 a.m. to 9 p.m. ET.
AllClear PRO
For additional protection, and at no cost, you may also enroll in the AllClear PRO service at any time during the 24 month coverage period. This service includes credit monitoring and an identity theft insurance policy. Please enroll at https://anthem.allclearid.com/.
Those without Internet access or who prefer assistance via telephone can call 877-263-7995.
Identity theft is more than a matter of money. It is a matter of personal violation. The Anthem cyber security breach has compromised 40 million people – 1 in 9 of Americans receiving medical insurance services.