Potential Anthem Data Breach - What to Do Next

Brian M. Johnston, Henry Talavera
Polsinelli
Contact
LinkedIn
Facebook
X
Send
Embed

As you may have heard in the news by now, as many as 80 million subscribers to health insurance coverage provided by Anthem in as many as 14 states may have been the target of a cyber-attack that could have exposed important personal information, including names, birthdays, and personal identification information (including social security numbers). The good news from Anthem appears to be that no personal credit card or individual medical information has been disclosed. However, Anthem is still evaluating the extent of the damage, as well as undertaking further assessment of whether the attacks have any broader reach, including whether they extend to other Blue Cross and Blue Shield affiliated organizations (although not part of the same legal organization, Anthem is affiliated with other Blue Cross and Blue Shield Association members and often share information and resources internally).

Although it is too soon to know the full extent and ultimate outcome of this data disclosure announcement, there are steps we recommend that every employer or plan administrator consider taking to protect their employees. These steps for employers/plan administrators may, among others, include:

  • Working with your insurance advisors and consultants to determine if your health insurance plan is a plan that receives medical benefit coverage through Anthem or another Blue Cross and Blue Shield organization. If not, you are not subject to the current data breach investigation; 
  • If your group health plan is administered or provided through Anthem or another Blue Cross and Blue Shield organization, you and your advisors/consultants should be evaluating the potential impact to your employees. 
  • If your group health plan is self-insured, assessing the current status and impact of your HIPAA Privacy and Security Policies and Procedures, including your and Anthem’s obligations around any required notifications for unauthorized disclosures of protected health information (“PHI”). In that regard, you should also consider reviewing any Business Associate or other contracts you may have with Anthem. 
  • Considering whether to send a memo or other communication to your employees regarding the potential Anthem breach. Depending on your circumstances, you might indicate that you are currently monitoring the impact of this situation on their behalf. Also, you might suggest that employees gain direct information from Anthem at www.AnthemFacts.com or through calling 1-877-263-7995 if that information has not already been provided.

 

 

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Polsinelli | Attorney Advertising

Written by:

Polsinelli
Polsinelli
Contact
more
less

Polsinelli on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide