Anthem, Premera Blue Cross data breaches may affect thousands in AZ
Thousands of current or former Arizona customers of Anthem and Premera Blue Cross may have had sensitive personal information, such as Social Security numbers and birth dates, stolen by hackers during recent attacks.
Anthem officials informed state insurance regulators that 418,640 Arizonans either had Social Security numbers or other data compromised in the data hack, according to Arizona Department of Insurance records obtained Thursday by The Arizona Republic. The insurer disclosed last month that the data breach affected nearly 80 million people nationwide.
Anthem’s companies affected by the breach include Amerigroup, Anthem and Empire Blue Cross Blue Shield, CareMore and UniCare.
Premera Blue Cross, which operates in Alaska and Washington state, also disclosed last week that hackers may have accessed sensitive personal, financial and medical claims information for about 11 million customers nationwide. Premera has not yet determined how many Arizona residents were affected by the data breach, a company official said.
The computer hackers did not breach Blue Cross Blue Shield of Arizona’s computer systems, company officials said, but customers of the Arizona insurer could be affected if they used their insurance plans to access doctors, hospitals or other health services in states where Anthem and Premera operate.
Anthem’s 14 states include California, Colorado, Connecticut, Georgia, Indiana, Kentucky, Maine, Missouri, Nevada, New Hampshire, New York, Ohio, Virginia and Wisconsin.
The two data hacks highlight the growing concern among security experts about sensitive personal, medical and financial information that insurers and other health providers maintain on nearly everyone who accesses health care.
“Nowadays, it’s all about the money,” said Shaun Murphy, founder of PrivateGiant, an Orlando-based consulting firm.
Murphy said there is a black market for such data, and cyberthieves who recover such detailed personal, financial and medical information on individuals can get lucrative payments.
Murphy said health-care insurers are a prime target because their security systems are typically not as robust as financial institutions. And if a hacker is able to piece together Social Security numbers, birth dates and medical-claims information about an individual, that creates the type of detailed profile about a person that black-market buyers covet.
“When you start to aggregate this information, it can bring in a ton of money,” Murphy said.
Both insurers recently have mailed letters to current and former customers who may be affected by the stolen data.
The insurance companies have offered those customers two years of credit monitoring and identity-theft protection services. Anthem consumers can get more information about these services at anthem.allclearid.com. Premera’s identify-theft protection will be offered through Experian. Visit premeraupdate.com for more information.
Premera spokesman Eric Earling said the company still is attempting to pinpoint all customers who may have been affected by the data breach in Arizona and other states.
The insurer said the sophisticated cyberattack may have accessed records dating to 2002. That means customers who once held Premera’s LifeWise plans, discontinued in Arizona last decade, may be affected.
Earling said some Arizona consumers may have Premera health insurance through their employer. That’s because Premera provides health-insurance coverage for large Seattle-area employers such as Amazon.com and Starbucks, though it’s unclear whether any of their Arizona employees are covered by Premera.
In Arizona, there have been 26 health data breaches that have each affected 500 or more people since 2010, according to the U.S. Department of Health and Human Services.
These data breaches involved health insurers, hospitals, doctors and other health-related businesses that have misplaced records, had laptops with sensitive information stolen or allowed unauthorized access to such sensitive information.
Of those data breaches in Arizona, HHS records show that hackers were responsible for two incidents, a Phoenix Health Plan breach that affected 9,393 people in 2011 and a Safe Ride Services hack that affected 42,000 people in 2012.