Letters to the 78.8 million people affected by a massive health insurance security breach are expected to start hitting the mail next week, an Anthem official said Thursday.
Messages are already being sent to millions of members who provided the insurance company with their email addresses.
The letters and emails are general alerts explaining the infiltration first reported in early February. But make no mistake. They carry bad news.
"It means your information was in the database that was compromised," Anthem Blue Cross spokesman Darrel Ng said.
The cyberattack affected 13.5 million Californians, according to Anthem. That means Anthem members who haven't received a message about possibly being affected can expect to in the future.
"It is very likely you were in the database if you are a current Anthem member," Ng said.
The infiltration also affected many former Anthem members, dating back to 2004.
It affected affiliated plans and people in independent Blue Cross and Blue Shield plans who received care in areas served by Anthem.
Carmen Balber, executive director of the Consumer Watchdog advocacy group, is covered by Anthem and is waiting to see whether she receives a letter or an email.
She said the nation's second-largest health insurer deserves credit for publicly announcing the attack but hasn't sufficiently followed up.
"I don't think they've done enough to inform consumers about what happened," she said.
The breach has triggered investigations by regulators, including the California Department of Insurance.
Ng noted that Anthem's response has been praised by the White House and the FBI. The efforts include setting up an information website and a hotline to help consumers.
Working with different regulators in different states along with the massive scope of the attack complicated the process of notifying the affected people, he said.
"With tens of millions people who need to be notified, we are working as quickly as possible to provide personal notification," Ng said. "In the interim, any Anthem member can already see Anthem, 2B access credit monitoring and identity theft repair services."
The services, also available to many former members, are free and are explained at http://www.anthemfacts.com
Even people who already have credit monitoring have nothing to lose by using Anthem's protection services, said Eva Velasquez, president and CEO of the Identity Theft Resource Center in San Diego.
"Our thought is layers of protection," she said.
Velasquez said the data breach could lead to fraudulent expenses, tampered accounts and identity theft not limited to medical information. She urged people to maintain "good identity hygiene" by reviewing credit reports and financial statements. Red flags include the obvious, like fraudulent expenses, but also the subtle, such as the interruption of regularly mailed financial information.
She said people should be careful about the emails, even the letters, being sent by Anthem.
"Our caution and our concern is that the fraudsters are paying attention," she said of possible phony notices. She warned people not to click on any links in an email.
Anthem warned consumers earlier in the month of the possibility of fraudulent emails and phone calls. Ng said Anthem is neither calling customers about the cyberattack nor sending emails that ask for personal information.
Rick Dulaine, of Camarillo, was told by his employer about the Anthem attack.
The company's employees are covered by Blue Cross Blue Shield of Alabama, one of the plans affected by the breach.
He said the breach shows the growing need to figure out new ways to stop the hackers. He worries about the impact but has also grown accustomed to feeling vulnerable.
"It's part of the connective culture," he said.
Visit http://www.anthemfacts.com for more information.
Visit https://anthem.allclearid.com for Anthem's credit monitoring service.
Call 1-877-263-7995 for identity repair help.
Contact the author at [email protected] 805-437-0255.