INFORMATION ABOUT ANTHEM'S SECURITY BREACH   

Highmark has become aware of a privacy issue involving another large health insurer. We want to ensure that you are also aware of the details. 

Anthem, a Blue Cross Blue Shield insurer with plans in multiple states, was the target of a sophisticated external cyber attack. These attackers gained unauthorized access to Anthem's IT system and obtained personal information on current and former members, such as their names, birthdays, medical IDs, social security numbers, street addresses, e-mail addresses and employment information, including income data. Based on what is known, there is no evidence that credit card or medical information, such as claims, test results or diagnostic codes, were targeted or compromised. 

Highmark is in contact with Anthem to gain additional insight about this issue and learn how it might impact our members. We will continue to follow the situation, and we will be working with Anthem, the Blue Cross Blue Shield Association and other authorities and keep you apprised of the situation. 

If you have specific questions about Anthem and their response to this breach, we refer you to their website (www.anthem.com) for more information.

ADDITIONAL QUESTIONS & ANSWERS

What is this situation and how did it occur? 

Anthem was the target of a sophisticated, external cyber attack. The attacker(s) gained unauthorized access to Anthem's IT system and obtained personal information on current and former Anthem members. The FBI is conducting a forensics investigation to gain further information. 

When will we know who was affected by this breach?

Due to the volume of information this breach involves, the names of potentially affected individuals are not yet known. As soon as Anthem provides us with this information, we will coordinate efforts to notify our members, as necessary.

What information were the cyber attackers able to obtain?

Personal information obtained about current and former Anthem members includes names, birthdays, medical IDs, social security numbers, street addresses, e-mail addresses and employment information, including income data. Currently, there is no evidence that credit card or medical information (e.g. claims, test results, diagnostic codes) were targeted or compromised.

What is Highmark doing as a result of this incident? 

Highmark currently has a team of information security professionals monitoring this issue and our members' information. All areas of Highmark work in collaboration with the chief information security officer and chief privacy officer to ensure that sufficient data safeguards and processes are in place and comply with applicable international, federal and state laws, rules and regulations, accreditation mandates, ethical guidelines and industry standards related to privacy and security. Our privacy and security departments consist of professionals solely dedicated to matters relating to data security and privacy protections and are professionally trained and certified to handle complex privacy and security matters.

How is Anthem communicating this issue to its current and former members? 

Anthem has published a letter to its members ( http://www.anthemfacts.com/), along with a Q&A sheet (http://www.anthemfacts.com/faq). To address members' concerns by phone, Anthem has set up a toll-free number (877-263-7995). Anthem also plans to contact all current and former members individually.