UPDATE: As of Friday the thirteenth, there have been few new developments save for much sound and fury. Anthem has announced that members and former members data going back 11 years to 2004 is at risk. And they are offering free credit monitoring and identity theft protection for them. See Anthem Facts for more information.

The good news for New Mexicans is that so far it seems that Blue Cross Blue Shield of New Mexico is not directly affected. While local Blue Card members may be at risk (see below), it’s mainly customers in California, Colorado, Connecticut, Georgia, Indiana, Kentucky, Maine, Missouri, Nevada, New Hampshire, New York, Virginia, and Wisconsin that have been impacted. Also directly hit are Anthem’s subsidiaries, Amerigroup, Anthem and Empire Blue Cross Blue Shield companies, Caremore, Unicare and HealthLink.

Also, no reports have yet surfaced that this data is being used or sold on the black markets.

Further updates will be posted as events warrant.

Original post:

Another day, another massive data breach, or so it seems these days. The latest headline-grabbing attack, this one on Anthem, the nation’s second-largest health insurer, exposed the private data of 80 million people, both customers and employees.

By any standards, it’s a huge blow and many people right here in New Mexico are justifiably worried. Anthem, after all, runs Blue Cross Blue Shield of New Mexico, which insures thousands of us.

There’s not much hard information yet. Anthem states that it was a “very sophisticated attack” but some experts disagree. China may be to blame, but the insurer didn’t even bother encrypting the most vulnerable information, such as social security numbers, as that was the data most often used.

Finger-pointing will doubtless continue throughout the investigation, along with lawsuits. Fortunately, the insurer has already set up a website, Anthemfacts, to deal with customers’ questions. Based on that, and other online info we could gather, here are answers to the most urgent questions:

What sort of information was stolen?
Anthem says the hackers “have obtained personal information from our current and former members such as their names, birthdays, medical IDs/social security numbers, street addresses, email addresses and employment information, including income data. Based on what we know now, there is no evidence that credit card or medical information, such as claims, test results or diagnostic codes were targeted or compromised.” So it could be worse.

Are New Mexicans affected?
The insurer claims that all its product brands are affected, which would include Blue Cross Blue Shield of New Mexico. But directly “impacted (plans/brands) include Anthem Blue Cross, Anthem Blue Cross and Blue Shield, Blue Cross and Blue Shield of Georgia, Empire Blue Cross and Blue Shield, Amerigroup, Caremore, Unicare.” Further reading indicates that their Blue Card plan members, which is nationwide, are also at risk.

However, Blue Cross Blue Shield of New Mexico admits they do not yet know: “We are working hard with Anthem to determine whether any of our customers or employees were affected by this event. Should we discover that any of our members were impacted, you will be notified.”

How will affected members be notified?
Anthem will mail letters via snail mail to affected members in coming weeks. However, the first sign may be phishing emails claiming to be from Anthem. So do not respond to any emails supposedly from Anthem asking for personal information or confirmation or offering free credit monitoring. Anthem further advises this:

  • DO NOT click on any links in email.
  • DO NOT reply to the email or reach out to the senders in any way.
  • DO NOT supply any information on the website that may open, if you have clicked on a link in email.
  • DO NOT open any attachments that arrive with email.

This, by the way, is excellent advice for handling all suspicious emails.

What should worried members do?
For now, keep an eye out for strange email (don’t forget to check your spam filters and junkmail), various accounts, and so on. The company says the letters will include offers for free credit monitoring and identity protection services. Members and former members can call 877-263-7995 for more information.

What can I do to protect myself right now?
If you don’t want to wait to set up a credit freeze, monitoring services, and so forth, ZDNet has a handy page of links, including steps on reporting identity theft. If you suspect you’re a victim, don’t forget to report to the FBI at their Internet Crime Complaint webpage.

And of course, if something suspicious does arrive in your email, feel free to check it out with SWCP Tech Support. Bookmark this page; we’ll update it with the latest info as it comes in.