Last week, hackers successfully breached Anthem’s security (you know, they own Blue Cross and Blue Shield among other top tier insurance brands) and stole up to 80 MILLION records of current AND former patients and employees. Yeah, let that sink in. I could be one of those 80 million people and, well, I’m PO’d. Everyone says I’m paranoid because I don’t want the health companies to put my info online. I refuse to register my fingerprint at 24 Hour Fitness because I know they couldn’t be trusted to protect catnip from a kitten, let alone my personal data. Well who’s paranoid now?
What Does Anthem Say?
I’m constantly amazed by the things that company officials actually say in these situations. In an official statement Kristin Binns, a vice president at Anthem, says that there was (currently) no evidence that financial or medical information was compromised. A local FOX affiliate posted this helpful chart:
So…..they didn’t get our medical or financial info, they just got EVERYTHING they need to steal an identity as well as the ability to create an account in order to get the medical and financial information they didn’t get the first time. Well you can just rock me to sleep Anthem.
The only thing I want to hear from Anthem is a groveling apology, a public statement admitting they royally effed up, and a lifetime of identity theft insurance, for whatever that’s worth. (I think they’re giving at least a year, but I’m guessing they’re not picking up the tab for life)
The ONLY thing positive about this whole thing is that Anthem made the breach public immediately as soon as the hack was detected and confirmed. They were quick, I will say that. A sysadmin noticed the problem last week and they disclosed right away. Good job on that at least.
OK, take a breath. What now?
The hardest thing is going to be to overcome our natural laziness. Everyone affected will need to be constantly vigilant for well, the rest of your life. Don’t fool yourself, this problem isn’t going away for you, because, as many teenagers have found out (to their everlasting regret) that stuff stays on the internet forever. On the up side, these are things you should be doing in any case, now you have an urgent reason to actually do it.
- Monitor your financial accounts – thieves have access to your SSN, birthdate, email and street address, employment info, etc.. That’s enough to get access to your financial accounts in a lot of cases, unfortunately. If you use a service like Mint, you can turn on alerts anytime a large (or small) transaction occurs.
- DO NOT click on any links even if they appear to be from Anthem. TechChrunch has an article about phishing attacks already being sent out, claiming to be from Anthem. Officials have stated that they will ONLY be contacting affected individuals via USPS MAIL. These mailings will have the correct info about the credit monitoring and identity protection services that Anthem will be providing. Here’s an example of a phishing attack that’s going around. There’s no links in the image below, but there are in the actual phishing emails, looks pretty legit, doesn’t it?
- NBC News had some good tips too, including putting a fraud alert on your file with each of the three credit bureaus. Another, more effective option would be to have the bureaus freeze your credit so no one can open up a new line of credit.
- I didn’t think of this, but they suggest filing your taxes early so that someone else doesn’t grab your refund. I’m guessing thieves won’t file for you if you owe this year 🙂
- When sites ask you to set up secret questions, DO NOT use answers that can be researched. Make something up that thieves can’t look up. Remember, the answers don’t have to make sense, just something you can recall easily. For example, don’t put your high school as a secret question/answer. That’s just way too easy to check.
- TURN ON 2-FACTOR AUTHENTICATION wherever possible. Can’t stress this enough. I’ve got some tips here.
OK! Good luck everyone, and be careful out there! If you need official information, Anthem has a website set up, it’s www.anthemfacts.com