
tn?
I have BC in TN. Breached?
P.
US health insurer Anthem now says that the recent security breach that exposed the personal data of tens of millions of its customers also affected people who never did business with the firm. That's because Anthem's database included data not just for customers of Anthem-run Blue Cross Blue Shield healthcare plans, but also …
Ah Yes, Here.
El Reg, perhaps an article on how this happened before in 2009, and there were fines?
The cynic in me sees that every time this happens, they offer credit monitoring for a year or two. But no liability for the actual loss.
This seems too cheap for $CORPS, they are not taking this seriously...
P.
They don't have to take this seriously. Ideally you are right, they should have liability but it will take something heavier than a legislative slap on the wrist to do it. I think make the fine automatic and high but then there's the mom and pop shops that will suffer.
We found out that because my wife went to California for some treatment, her account may have been compromised even though we're members elsewhere. Seems that Anthem had to "pre-process" the claim before sending it on and there's no telling what and how much information they had on her.
Since the legislative/regulatory path is proving ineffective, what does that leave us? Legal action? That just means that the lawyers get rich and the damage really does not get undone or prevented. As this issue extends far beyond the health care industry, my guess is the best way to deal with it is through more far-reaching legal reform. Unless a bunch of pols have their identities stolen - then we will have immediate, misguided action which will cause unintended consequences for years to come.
Two things that may inspire improved customer database security:
1. Jail time instead of fines.
2. Shareholders eat the losses, followed by shareholder revolt, followed by new management.
If all the losses, fines and payouts to class action lawsuits are regarded as "costs of doing business" and simply tacked onto next year's premiums, then no improvements can be expected.
Well fuck.
If my BCBS customer associate is as helpful as usual, then they will refuse to tell me if I'm on the list (from the article, I logically would be) or offer any credit monitoring service.
My company just did our annual HIPAA certification training, where it was iterated over and over how bad a Protected Health Information disclosure could be. Using BIG companies and their "fines" as precedent, though, makes it appear like HIPAA has all the teeth of the DARE program.
The morning after the breach, I mailed security freeze requests to the three credit reporting agencies; and I've gotten the confirmations back from them. The consensus of security experts seems to be that this is Step #1 and that once this is done, credit monitoring services provide very little additional protection (despite what the hyperventilating commercials say).
The postage wasn't cheap--certified mail with return receipts times 3. I'm sending the bill to Anthem. We'll see what happens.
Thank God! I thought that Anthem might offer a woefully insignificant credit monitoring package in an attempt to shift the financial cost of their poor security onto their customers.
/sarcasm off
And yes, I am probably one of those who got their ID information leaked. I guess it's time to review legal options against Anthem.