Anthem, Inc. announced a potential health data breach last week after one of its databases containing the personally identifiable information (PII) of 80 million individuals was infiltrated by outside hackers.
Now, the health insurer is warning consumers to be on the lookout for scam email campaigns that are trying to gain access to that information. Known as “phishing” schemes, these attacks are designed to look like legitimate emails, and ask individuals to click on links in the email, or respond to the email with personal information.
“This outreach is from scam artists who are trying to trick consumers into sharing personal data,” according to the Anthem statement. “There is no indication that the scam email campaigns are being conducted by those that committed the cyber attack, or that the information accessed in the attack is being used by the scammers.”
Specifically, Anthem warned consumers against clicking on any links in suspicious emails, replying to the emails, giving any information to a website connected to the email links, and opening any attachments that arrive with the emails.
Anthem also clarified that it will not be sending emails along those lines to warn former and current customers who were potentially affected. Moreover, Anthem will also not be calling individuals over the phone. Instead, the health insurer said that individuals will be contacted through mail delivered by the US Postal Service.
These letters will contain information about the cyber attack, along with specific instructions on how to enroll in credit monitoring.
Anthem, Inc. said in a statement on its website that the specific health plans or brands possibly affected by the cyber attack are: Anthem Blue Cross, Anthem Blue Cross and Blue Shield, Blue Cross and Blue Shield of Georgia, Empire Blue Cross and Blue Shield, Amerigroup, Caremore, and Unicare.
The information potentially compromised includes names, dates of birth, medical IDs or Social Security numbers, street addresses, and email addresses. Employment information, some of which included income data, might also be at risk in the Anthem health data breach.
While it has not yet been officially announced what caused the cyber attack, Chinese state-sponsored hackers could potentially be behind the incident, according to anonymous sources in a Bloomberg Business article. This theory is strengthened by the fact that the Anthem health data breach relied on malware and tools that have consistently been used by Chinese cyberspies, the news source stated.
Completely preventing healthcare data breaches is likely not possible, according to privacy and security experts, but there are numerous ways to try to mitigate the risk.
In an interview with HealthITSecurity.com, Patrick Wilson, Contra Costa County Health Services CISO and Assistant Director of EHR, said that encrypting data is essential for facilities of all sizes. Having a comprehensive incident response plan is also important, so healthcare organizations can react accordingly should a health data breach occur.