Current and former Blue Cross and Blue Shield of Georgia members are being offered free identity repair assistance and credit monitoring services in the wake of a massive data breach involving the insurer’s parent company, Anthem.
Blue Cross members dating back to 2004 can start accessing these services before receiving a mailed notification from Anthem that will be sent in the coming weeks.
Blue Cross, which currently has about 3 million members in Georgia, advises consumers to get more information from AnthemFacts.com on how to access the services. All Georgia members are potentially affected, Blue Cross says.
Anthem recently announced that as many as 80 million customers of the company had their account information stolen.
“We are currently working with the FBI,’’ said Blue Cross of Georgia spokeswoman Debbie Diamond on Monday. “As the investigation unfolds, we’ll have a better idea of how many people are affected.’’
“It’s premature to speculate how [the breach] happened,’’ she added.
Anthem says it has no reason to believe credit card or banking information was compromised, nor is there evidence at this time that medical information such as claims, test results, or diagnostic codes was targeted or obtained.
The names, addresses, birth dates and Social Security numbers stolen from the Indianapolis-based insurance giant are valuable for criminals, James P. Nehf, professor of law at the Indiana University School of Law in Indianapolis, told USA Today recently.
That basic personal information is even more valuable to criminals than are credit card and bank account data, Nehf said. It allows for identity theft, with the thieves using the customers’ names to open bank accounts and lines of credit, rent apartments and commit other fraudulent acts.
Data breaches in health care are not uncommon in the United States – and 2014 was a milestone year.
Health care companies saw a 72 percent increase in cyberattacks from 2013 to 2014, according to the security firm Symantec.
“A sad fact is that the health care industry by and large has never been seen as a leading-edge security consumer because the historical threat has been more focused on financial services,” Mark Kraynak, chief product officer for Imperva, recently told PC World. “This is a broad generalization, but health care targets are probably a little bit softer targets than financial targets.”
CHS operates five hospitals in Georgia: Barrow Regional Medical Center in Winder; Fannin Regional Hospital in Blue Ridge; Clearview Regional Medical Center in Monroe; Trinity Hospital of Augusta; and East Georgia Regional Medical Center in Statesboro.
The company said the data stolen didn’t include anything about people’s actual health or medical care, but did include sensitive personal information such as patients’ names, addresses, birthdates, telephone numbers and Social Security numbers.
Tougher federal requirements for monitoring and reporting health care data breaches have led to more reporting of incidents when patients’ information goes missing or may have been inappropriately accessed.
Data breaches in health care can also occur on a small scale. Last year, a computer was stolen from the vehicle of an employee of the Department of Behavioral Health and Developmental Disabilities who was attending a Clayton County conference. The laptop contained health information on 3,397 individuals who receive services from the agency.
There has been no evidence that the laptop thief was seeking the information or ever accessed it, and Clayton County police have since closed the case due to a lack of leads.
The financial consequences of Anthem’s massive data breach could reach beyond the $100 million mark, according to reports.
Anthem CEO Joseph Swedish has called the data breach a “very sophisticated external cyberattack.”
Several lawsuits naming Anthem, the nation’s second-biggest health insurer, as a defendant and seeking class certification already have been filed.
Six Georgians filed a lawsuit against Anthem and Blue Cross in federal court in Atlanta, the Atlanta Business Chronicle reported.