ALBANY, GA (WALB) - City workers have been officially warned about the recent cyber-attack on Anthem healthcare.
Administrators sent a lengthy letter to all employees Thursday afternoon about the massive breach that compromised information of tens of millions of customers.
City officials said their HR department worked as quickly as possible to make sure their staff was informed about how this breach could impact them.
"Anthem has pledged to provide both credit checking as well as credit repair if someone's data has been compromised. So it looks like they're going to do the right thing. But I didn't want anybody worried about it," said Assistant City Manager Wes Smith.
The company said hackers broke into a database storing details including names, addresses and Social Security numbers of about 80 million customers.
Anthem runs Blue Cross Blue Shield plans in more than a dozen states.
The FBI is investigating the attack.
Below is a note sent from Albany city administrators to employees, including an FAQ:
I want to let you know that we have just become aware that Anthem, Inc., the parent company of our health insurance provider, is the victim of a highly-sophisticated cyber-attack. Anthem has informed us that its member data was accessed, and could include that of our employees.
We are working closely with Anthem to better understand the impact on its members. Here is what we do know:
- Once Anthem determined it was the victim of a sophisticated cyber-attack, it immediately notified federal law enforcement officials and shared the indicators of compromise with the HITRUST C3 (Cyber Threat Intelligence and Incident Coordination Center).
- Anthem's Information Security has worked to eliminate any further vulnerability and continues to secure all of its data.
- Anthem immediately began a forensic IT investigation to determine the number of impacted consumers and to identify the type of information accessed. The investigation is still taking place.
- The information accessed includes member names, member health ID numbers/Social Security numbers, dates of birth, addresses, telephone numbers, email addresses and employment information, including income data. Social Security numbers were included in only a subset of the universe of consumers that were impacted.
- Anthem is still working to determine which members' Social Security numbers were accessed.
- Anthem's investigation to date shows that no credit card or confidential health information was accessed.
- Anthem has advised us there is no indication at this time that any of our clients' personal information has been misused.
- All impacted Anthem members will be enrolled in identity repair services. In addition, impacted members will be provided information on how to enroll in free credit monitoring.
We are continuing to work closely with Anthem to better understand the cyber-attack and the impact on our employees. Anthem has created a website - www.anthemfacts.com, and a hotline, 1-877-263-7995, for its members to call for more information, and has shared the following Frequently Asked Questions (FAQs) that further explains the cyber-attack.
We will continue to keep you updated on Anthem's ongoing investigation in hopes to find out who committed the attack, and why.
FAQ sent to Albany City employees:
Was my information accessed?
Anthem is currently conducting an extensive IT forensic investigation to determine what members are impacted. The Anthem teams are working around the clock to determine how many people have been impacted and will notify all Anthem members who are impacted through a written communication.
What information was compromised?
Anthem's Initial investigation indicates that the member data accessed included names, dates of birth, member health ID numbers/Social Security numbers, addresses, telephone numbers, email addresses and employment information including income data.
Was there any diagnosis or treatment data exposed?
Anthem's investigation to date indicates there is no evidence that medical information, such as claims, test results, or diagnostic codes were targeted or compromised.
Was my credit card information accessed?
Anthem's investigation to date indicates there is no evidence that credit card information was compromised.
Do the people who accessed my information have my Social Security number?
Anthem's investigation to date indicates that the information accessed included names, dates of birth, member health ID numbers/Social Security numbers, street addresses, email addresses and employment information. Anthem is working to determine whose Social Security numbers were accessed.
How can I sign up for credit monitoring services?
All impacted members will receive notice via mail which will advise them of the protections being offered to them as well as any next steps.
When will I receive my letter in the mail?
We continue working to identify the members who are impacted. We expect the mailing of letters to begin in the next two weeks.
My children are on my insurance plan, was their information also accessed?
Anthem is currently conducting an extensive IT forensic investigation to determine which members are impacted; however, adults and children were impacted.
Do the people who accessed my information know about my medical history?
Our investigation to date indicates there was no diagnosis or treatment data exposed.
Do the people who accessed my information have my credit card numbers and banking information?
No, the investigation to date indicates that information accessed did not include credit card numbers, banking or other financial information.
Has anyone used my information yet?
We are not aware of any fraud that has occurred as a result of this incident against our members.
Am I at risk for identity theft?
Anthem is currently conducting an extensive IT forensic investigation to determine which members are impacted. We are not aware of any fraud that has occurred as a result of this incident against our members, but all impacted members will be enrolled in identity repair services. In addition, impacted members will be provided information on how to enroll in free credit monitoring.
Do I need a new member ID card and number?
Anthem is working around the clock to determine how many people have been impacted and will notify all who are impacted. Anthem will provide further guidance on next steps.
How can I be sure my personal and health information is safe with Anthem, Inc.?
Safeguarding its members' personal, financial and medical information is a top priority for Anthem, and because of that, they have a state-of-the-art information security system to protect the data.
Anthem has contracted with Mandiant – a global company specializing in the investigation and resolution of cyber attacks. Anthem will work with Mandiant to ensure there are no further vulnerabilities and work to strengthen security.
What is Anthem doing to help members potentially affected by this incident?
All impacted members will be enrolled in identity repair services. In addition, impacted members will be provided information on how to enroll in free credit monitoring.
Where is the data now? And who can access my information?
Evidence indicates that the data was uploaded to an external file sharing service. This file sharing service, at Anthem's request, has locked down the account and data so that it cannot be copied, accessed or removed. Anthem and the FBI are working with the file sharing service to access the data and further secure it.