Ball State medical provider hacked, information possibly accessed

PHOTO COURTESY OF IMGKID.COM
PHOTO COURTESY OF IMGKID.COM

Anthem created a website for members to access frequently asked question regarding the attack. The site will be updated as the company receives more details on the attack, www.anthemfacts.com.

Current and former members can call 1-877-263-7995 for more information.

Current members will be automatically enrolled in identity repair services. Impacted members will also be given information on how to enroll in free credit monitoring.



Anthem Inc., Ball State’s health insurer, announced on Friday that suspicious activity on the company’s network began in December 2014, which resulted in the attack that potentially compromised Ball State employee private, personal information.

To date, the university has no knowledge of employee information being misused.

Anthem, the United State’s second-largest health care employer, was the victim of a Jan. 29 cyber attack when hackers accessed the Blue Cross Blue Shield insurer’s health insurance database, which contains the personal information for as many as 80 million people. It is unknown who committed the attacks and how many people were involved.

In a press release from the university on Feb. 6, Bernard Hannon, vice president for business affairs and treasurer, said Anthem informed the university that the health insurer’s member information was accessed and that Ball State employees could be included.

Ball State also sent out an email on Feb. 9 notifying faculty and staff that any email regarding their Anthem accounts is not from Anthem. These emails have been accessing for personal information, such as credit card or banking information, or asking employees to sign up for free credit monitoring. Anthem will send out all information regarding credit monitoring and details for dealing with the cyberattack through postal mail. Currently, no evidence indicates the senders of the scam emails are connected with the hackers.

“We are working closely with Anthem to better understand the impact on our employees and their dependents,” Hannon said.

The hackers gained access to names, birth dates, email addresses, employment details, Social Security numbers, incomes and street addresses of current and former customers.

However, the health care company has not yet found any evidence that medical or credit card information were accessed. This type of information includes insurance claims and test results.

The company said it is still conducting a forensic IT investigation to determine the exact number of impacted customers.

Anthem has notified federal law enforcement officials and shared information on the attack with U.S. healthcare industry cyber security agency HITRUST C3 in response to the attack.

All of Anthem’s product lines were affected in the attack, including Anthem Blue Cross, Blue Cross and Blue Shield Georgia, Empire Blue Cross and Blue Shield Amerigroup.

Federal investigators are particularly interested in whether the personal information of Medicare and Medicaid beneficiaries was exposed.

Hannon said Anthem’s information security has “worked to eliminate any further vulnerability and continues to secure all of its data.”

Jan. 1, 2015 marked the beginning of Ball State’s first full year with Anthem. The decision to move over to the health care provider was reviewed in July of 2014 and approved Oct. 10, 2014 by the Ball State board of trustees. It was part of a larger revision to the university’s healthcare plan.

Those October changes signified bringing the university in line with the best practices in the healthcare industry, Hannon told The Daily News in November.

The CEO of Anthem, Joseph Swedish, apologized to customers for the breach, according to anthemfacts.com. The website was created to provide information following the breach and explain the issue.

"We will continue to do everything in our power to make our systems and security processes better and more secure, and hope that we can earn back your trust and confidence in Anthem," said Swedish.

The university will continue to provide information regarding the incident to employees, Hannon said. Members of Anthem will receive access to free identity repair services, and impacted members will be informed on how to sign up for free credit monitoring.

Comments