Faculty, staff warned about Anthem scam emails

Herald staff

Update, Friday, 2:35 p.m.

Gordon Johnson, chief information technology officer, sent out an email Friday afternoon updating WKU faculty and staff about the Anthem data breach.

Some Anthem members are being sent scam emails that appear to be sent from Anthem or someone representing the company, according to the email.

“These scam emails look legitimate and may even include the Anthem logo,” the email said. “They instruct the recipient to click a link to enroll in free credit monitoring service or identity theft services.  Therefore, please be advised – DO NOT click on any links in emails sent to you unsolicited regarding this incident.  Anthem will be sending instructions regarding credit monitoring services to affected members by written notice (mail).”

Anthem is still conducting an investigation to determine the specific Anthem members impacted by the breach, the email said. Once the members are determined, Anthem will notify the individuals through physical mail. The notice will include information on how to reduce the risk any further vulnerable information being compromised.

Johnson also wrote that WKU will set up a website to keep faculty and staff updated on the on-going Anthem investigation. 

The original story is below:

Anthem, the nation’s second-largest health insurer, has been hacked and thousands of current and former WKU employees could be at risk. 

The breach was first announced late Wednesday and it could affect as many as 80 million current and former customers, USA Today reported. 

Gordon Johnson, chief information technology officer, sent out an email Thursday morning notifying WKU staff and employees about the hack.

“Anthem has informed us that its member/participant data was accessed, and could include that of WKU employees,” the email said.

Anthem has functioned as the third-party-administrator of WKU’s self-insured Employee Health Plan since January 1, 2003, according to the email.

Margaret Crowder, president of the faculty senate, said via email it could be too early to make an estimate as to the depth of the breach, particularly because Anthem itself is still investigating the problem. 

“Obviously, hearing that one’s personal information may have been compromised is not something anyone enjoys,” she said. “Let us hope that Anthem is able to provide more detailed information to us in the near future regarding what specific data was compromised and that they then follow up to offer identity monitoring and protection services to anyone who was affected.”

The information accessed includes member names, member health ID numbers/Social Security numbers, dates of birth, addresses, telephone numbers, email addresses and employment information, including income data. 

Social Security numbers were included in only a subset of consumers that were impacted, and Anthem is still working to determine which members’ Social Security numbers were accessed, the email said.

The Anthem data breach affected Anthem maintained systems and data. No WKU maintained systems were involved in the incident directly, the email said.

Anthem has created a website – www.anthemfacts.com, and a hotline, 1-877-263-7995, for its members to call for more information on the cyber-attack.

The original email is below:

Dear WKU Employees:
 
Earlier today, WKU received official notice that Anthem, Inc. was the victim of a highly-sophisticated cyber-attack.  A number of you have already received an email directly from Anthem notifying you of this incident.   Anthem has functioned as the third-party-administrator of WKU’s self-insured Employee Health Plan since January 1, 2003.  Anthem has informed us that its member/participant data was accessed, and couldinclude that of WKU employees.  WKU IT and HR are working closely with Anthem to better understand the impact on members/participants.  Provided below is what has been provided to us by Anthem:
 
·       Once Anthem determined it was the victim of a sophisticated cyber-attack, it immediately notified federal law enforcement officials and shared the indicators of compromise with the HITRUST C3 (Cyber Threat Intelligence and Incident Coordination Center).
·       Anthem’s Information Security has worked to eliminate any further vulnerability and continues to secure all of its data.
·       Anthem immediately began a forensic IT investigation to determine the number of impacted consumers and to identify the type of information accessed. The investigation is still taking place.
·       The information accessed includes member names, member health ID numbers/Social Security numbers, dates of birth, addresses, telephone numbers, email addresses and employment information, including income data. Social Security numbers were included in only a subset of the universe of consumers that were impacted.
·       Anthem is still working to determine which members’ Social Security numbers were accessed.
·       Anthem’s investigation to date shows that no credit card or confidential health information was accessed.
·       There is no indication at this time that any personal information has been misused.
·       All impacted Anthem members will be enrolled in identity repair services. In addition, impacted members will be provided information on how to enroll in free credit monitoring.
 
I want to make clear that this Anthem data breach incident affected Anthem maintained systems and data.   No WKU maintained systems (such as Banner HR) were involved in this incident directly.
 
We are working closely with Anthem to better understand the cyber-attack and the impact on WKU current and former employees. Anthem has created a website –www.anthemfacts.com, and a hotline, 1-877-263-7995, for its members to call for more information on the cyber-attack.
 
We will continue to update you as appropriate based on any new information.
 
Thank you,
 
Gordon Johnson, Jr.
Chief Information Technology Officer
Western Kentucky University
Information Technology Division
270-745-6455
270-745-2243
 
 
The Herald will update this story as more information becomes available.