Kansas, Missouri Records Affected In Anthem Cyberattack
It’s likely that the records of some Kansas Medicaid recipients and Missouri Blue Cross and Blue Shield policyholders were compromised by a cyberattack on the Anthem health insurance company.
The breach was discovered last week but news of it wasn’t made public until Wednesday.
Cindy Wakefield, a spokesperson for Anthem, the nation’s second-largest health insurer, said the hackers accessed the records of a significant number of current and former policyholders and individuals covered by the company’s Medicare and Medicaid subsidiaries.
All told, the database contained approximately 80 million records, she said.
“We don’t believe that the entire population was impacted, but we think that it’s in the tens of millions,” Wakefield said. “We know that it is impacting all lines of our business in all of our states.”
Anthem is the parent company of Amerigroup, one of the three private managed care organizations selected by Kansas to privatize its Medicaid program, known as KanCare. Amerigroup covers approximately 132,000 of the more than 411,000 low-income, disabled and elderly Kansans enrolled in KanCare, according to a recent report compiled by the Kansas Department of Health and Environment for a legislative oversight committee.
Wakefield said the company is “working around the clock” to determine the number of its Kansas beneficiaries who were affected by the cyberattack.
“The assumption is that some of our Kansas members have been impacted, but at this point we just do not know how many,” she said.
The same is true, Wakefield said, for Anthem’s policyholders in Missouri, where the company has about 25 percent of the private health insurance market. Most of the policyholders are concentrated in the St. Louis area.
When company and FBI investigators are able to determine which records were compromised, Anthem will notify affected individuals by letter. The letters will include information about how to enroll in credit monitoring services and will offer to cover the cost of credit repair services, Wakefield said.
“And that (the credit repair) will be retroactive to last week when we discovered the attack,” she said.
So far, Wakefield said, “There is no evidence that any fraudulent activity has occurred due to this attack.”
The records accessed by the hackers contained people’s names, addresses and Social Security numbers, but no credit card or sensitive medical information, Wakefield said.
Blue Cross and Blue Shield of Kansas is not affiliated with Anthem, but some of its members may have had records in Anthem's system, said Mary Beth Chambers, a spokesperson for Kansas' largest health insurer.
"We are working with Anthem to learn more about the data that was compromised and whether any Blue Cross and Blue Shield of Kansas members are affected by this breach," Chambers said. "If we learn that any of our members had their information compromised, we will notify them in writing as soon as possible."
In the meantime, Chambers urged consumers to check a special BCBS website that has answers to frequently asked questions about the breach.
Anthem also has created a website to keep consumers updated on its investigation.
Jim McLean is executive editor of KHI News Service in Topeka, a partner in the Heartland Health Monitor team.