More than 389,000 Kansans and nearly 2 million Missourians were affected by last month’s massive cyberattack on Anthem Inc., the nation’s second largest health insurer, figures released by the company show.
“This data breach is so far-reaching that it impacts nearly one-third of our state’s population,” Missouri Department of Insurance Director John M. Huff said in a statement Monday.
In Missouri, 1.5 million current and former Blue Cross and Blue Shield members over the last 10 years may have had their records hacked, according to Deb Wiethop, a spokeswoman for Anthem Blue Cross and Blue Shield of Missouri. She said another 330,000 members of Anthem-associated health plans in Missouri were also affected.
In Kansas, current and former Medicaid and CHIP recipients, as well as members of Blue Cross and Blue Shield of Kansas City, Blue Cross and Blue Shield of Kansas and other Blue organizations, were affected, according to the Kansas Insurance Department.
Separately, the Kansas Department of Health and Environment said on Monday that nearly 165,000 state Medicaid and CHIP recipients were among those whose personal information may have been compromised.
Anthem is the parent company of Amerigroup, one of three private managed care companies that administers KanCare, Kansas’ privatized version of Medicaid, as well as Unicare, a former CHIP contractor.
CHIP is the state Children’s Health Insurance Program, which provides federal matching funds for health insurance covering families with children.
KDHE spokeswoman Sara Belfry said personal information compromised in the cyberattack included names, dates of birth, Social Security numbers, health care identification numbers, home addresses, email addresses, employment information and income data.
“Anthem has done its due diligence to make sure that everyone has been contacted in a timely manner and that any credit or identity monitoring services are being offered to members,” Belfry said.
The services are being offered free. Missourians and Kansans affected by the breach can visit an Anthem website, https://www.anthemfacts.com/, which provides additional information on how to sign up for two years of credit monitoring and identity theft repair services.
Formerly known as Wellpoint, Anthem reported earlier this month that cyber attackers had breached a company database containing as many as 80 million records of current and former customers and employees.
The company said it did not believe credit card or medical information had been compromised.
The FBI is investigating the attacks. In addition, the Missouri Department of Insurance and insurance departments in California, Indiana, Main and New Hampshire are conducting a multistate examination of Anthem companies.
Dan Margolies, editor of the Heartland Health Monitor team, is based at KCUR.