Update: On Feb. 6, Anthem notified UC of a phishing scam related to the cyber attack. The phishing scam, which uses Anthem's logo, includes an offer to sign up for a year of credit card protection. If you receive this or a similar email, do not respond to or click on any links. Anthem is not calling or emailing members.
Health insurer Anthem, Inc. disclosed on Feb. 4 that it was the target of a very sophisticated external cyber attack and that data for its 80 million members was accessed. This potentially includes information about UC students, faculty, staff and retirees, as well as their dependents.
Currently, Anthem is the network provider and claims administrator for UC SHIP, the university’s student health insurance plan, at UCLA, UC Santa Cruz, UC San Diego, UC Merced, UC Irvine (graduate students only), and UC San Francisco, Hastings College of the Law. UC Irvine undergraduates and UC Davis students have vision insurance only through Anthem. Anthem provided services for UC SHIP at all campuses from August, 2011 through July, 2013.
In addition, Anthem provided health insurance to certain UC employees and retirees and their dependents from 2003 until Jan. 1, 2014.
UC is in communication with Anthem to understand the effect of this data breach on current and former Anthem members. Here is a summary of information Anthem has provided:
- Anthem’s investigation to date shows that no confidential health information (e.g., no claims information, no diagnoses) was accessed.
- Anthem has advised UC that there is no indication at this time that any employees’, retirees’ or students’ personal information has been misused.
- Anthem will enroll members affected by the attack in identity repair services. In addition, impacted members will be provided information on how to enroll in free credit monitoring.
- Once the attack was discovered, Anthem immediately made every effort to close the security vulnerability, contacted the Federal Bureau of Investigation (FBI) and began fully cooperating with its investigation. Anthem has also retained Mandiant, one of the world’s leading cybersecurity firms, to provide incident response and security assessment services.
Anthem has created a dedicated website, www.AnthemFacts.com, where current and former Anthem members can find information. Members may also call 1-877-263-7995. In addition, the health insurer has provided these Frequently Asked Questions that further explain the cyber attack.