February 06, 2015

Important Information for Active and Retired Members Currently Enrolled In the Kentucky Conference Health Plans

Cyber attack Impacting Anthem Inc.

I want to let you know that we have just become aware that Anthem, Inc., the parent company of our health insurance provider, is the victim of a highly-sophisticated cyber attack. Anthem has informed us that its member data was accessed, and could include that of our active and retired employees who are currently enrolled in one of the Kentucky Conference Health Plans.

We are working closely with Anthem to better understand the impact on its members. Here is what we do know:

  • Once Anthem determined it was the victim of a sophisticated cyber attack, it immediately notified federal law enforcement officials and shared the indicators of compromise with the HITRUST C3 (Cyber Threat Intelligence and Incident Coordination Center).
  • Anthem’s Information Security has worked to eliminate any further vulnerability and continues to secure all of its data.
  • Anthem immediately began a forensic IT investigation to determine the number of impacted consumers and to identify the type of information accessed. The investigation is still taking place.
  • The information accessed includes member names, member health ID numbers/Social Security numbers, dates of birth, addresses, telephone numbers, email addresses and employment information, including income data. Social Security numbers were included in only a subset of the universe of consumers that were impacted.
  • Anthem is still working to determine which members’ Social Security numbers were accessed.
  • Anthem’s investigation to date shows that no credit card or confidential health information was accessed.
  • Anthem has advised us there is no indication at this time that any of our clients’ personal information has been misused.
  • All impacted Anthem members will be enrolled in identity repair services. In addition, impacted members will be provided information on how to enroll in free credit monitoring.
The Kentucky Annual Conference Board of Pensions and Health Benefits will continue to work closely with Anthem to better understand the cyber attack and the impact on our employees. Anthem has created a website – www.anthemfacts.com, and a hotline, 1-877-263-7995, for its members to call for more information, and has shared the attached Frequently Asked Questions (FAQs) that further explains the cyber attack.

We will work to keep you updated on Anthem’s ongoing investigation in hopes to find out who committed the attack, and why.

Sincerely,


Joni Way
Kentucky Conference Treasurer
Pension and Benefit Officer
Director of Administrative Services
jway@kyumc.org