At least a half-million Long Islanders who have Empire BlueCross BlueShield health insurance may have had their personal information compromised in a massive cyber-attack.
Empire’s parent company, Anthem Inc., determined Jan. 29 that as many as 80 million customers could have been affected by a sophisticated hack that compromised names, member ID numbers, dates of birth, Social Security numbers, addresses, phone numbers, email addresses and employment numbers. So far there is no evidence that credit card or medical information was compromised. No one has been apprehended in the attack, which the FBI is investigating.
In New York, at least 4.5 million current members were affected, including at least 500,000 on Long Island, Empire spokeswoman Sally Kweskin said. In addition, an unknown number of former members going back to 2004 may also have been impacted, she said.
“The company is working diligently to determine who exactly was affected and we should know within the next couple of weeks,” Kweskin said. “But anyone who thinks they were affected can enroll Friday.”
Beginning Friday, Empire customers will be able to sign up for free credit monitoring and identity theft protection for two years. Information on how to enroll will be posted at www.anthemfacts.com.
Empire will be also contacting current and former members — only by mail delivered by the U.S. Postal Service — with information on how to enroll in credit monitoring.
The health insurer is warning New Yorkers not to reply to emails that appear as if they are from Anthem or Empire in an attempt to get personal information. These are “phishing” scams. People should not click on links, reply to the email, supply any information or open any attachments, Empire said.
And the company said it is not calling members regarding the cyber-attack and is not asking for credit card information or Social Security numbers over the phone.
Many unions and schools systems, including SUNY’s 34,973 employees, have Empire health insurance and were affected by the breach. SUNY sent an email alerting its campuses.
So did Bruce Singer, associate superintendent at Sachem Central School District in Lake Ronkonkoma. He sent an email last Friday to the district’s 2,500 employees giving them a heads-up about the attack and Anthem’s plans. “We’re concerned about everyone’s online security,” Singer said.
Benjamin Lawsky, state superintendent of financial services, said the attack on Anthem, one of the largest health insurers in the U.S. and which made $2.6 billion in 2014, and others “should serve as a stern wake-up call for insurers and other financial institutions to strengthen their cyber defenses.”
Lawsky released a survey Sunday looking at cybersecurity among 43 insurance providers in the state, including 21 health insurers.
The report found that larger companies didn’t necessarily have the most sophisticated cyberprotection. And while 95 percent of insurers believe they have enough staff for information security, only 14 percent of chief executive officers receive monthly briefings on it.
The survey also found that cyberbreaches are not rare among insurers: 35 percent had had one to five breaches within the last three years, 2 percent experienced between six and 10, and 5 percent more than 10.
Date: February 12, 2015