Anthem was the target of a very sophisticated external cyber attack.
These cyber attackers gained unauthorized access to Anthem’s Information Technology (IT) system and have obtained personal information from its current and former members such as their names, birthdays, member health ID numbers/Social Security numbers, street addresses, email addresses and employment information, including income data.
Anthem’s investigation to date indicates there is no evidence that credit card or medical information, such as claims, test results, or diagnostic codes were targeted or compromised.
Anthem is currently conducting an extensive IT forensic investigation to determine what members are impacted. The Anthem teams are working around the clock to determine how many people have been impacted and will notify all Anthem members who are impacted through a written communication. Anthem will notify you via US Mail in a letter; notifications will not be sent via email or over the phone. Anthem is currently working to identify the members who are impacted; letters are expected to begin to be mailed in the next two weeks...
February 13, 2015 - On January 29, 2015, Anthem, Inc. (Anthem) discovered that cyber attackers executed a sophisticated attack to gain unauthorized access to Anthem’s IT system and obtained personal information relating to consumers who were or are currently covered by Anthem or other independent Blue Cross and Blue Shield plans that work with Anthem. Anthem believes that this suspicious activity may have occurred over the course of several weeks beginning in early December 2014.
Effective September 10, 2013, the University of Kentucky Board of Trustees approved changing UK’s retirement plan vesting schedule from five to three years for employees who joined the University on or after January 1, 2010. Employees hired prior January 1, 2010 are immediately vested.
To: faculty and staff
From: Human Resources
Date: Feb. 16, 2015
Subject: New Important Information from Anthem
Last week, we made you aware Anthem was the target of a very sophisticated external, cyber attack. We sent three emails updating you on the situation, sharing additional information as we became aware.