Blue Cross and Blue Shield of Georgia members are among those whose personal information has now been compromised after cyber attackers "executed a very sophisticated attack" on the insurer's parent company, Anthem.
The attack affects Blue Cross and Blue Shield of Georgia members employees who are currently covered, or who have received coverage in the past, a statement from the company said.
The information accessed includes names, birthdays, social security numbers, street addresses, email addresses and employment information, including income data. Credit card information was not compromised, nor is there evidence yet "that medical information such as claims, test results, or diagnostic codes were targeted or obtained," the statement said.
BCBSGa said Thursday that will individually notify current and former members whose information has been accessed, and that credit monitoring and identity protection services will be provided free of charge
Meanwhile, BlueCross BlueShield of Tennessee officials stressed on Thursday that they were "separate companies, with completely distinct operations and information systems."
"We want to stress that BlueCross BlueShield of Tennessee's information systems and member data were not directly attacked," said spokeswoman Mary Danielson.
But the company says members who received care in one of the states affiliated with Anthem plans -- including Georgia -- may need to take extra precautions.
"Based on what we know now, if any of our members received care in one of 14 states with affiliated Anthem health plans, it is possible that some of their personal data may have been stolen in the criminal act against Anthem."
Danielson said the company is taking "additional precautions" to secure members' health information and that the company is "closely coordinating with Anthem to ensure that any of our members whose information may have been exposed will be offered credit monitoring and identity repair services."
BlueCross BlueShield of Tennessee was the victim of a data breach in 2009, when 57 hard drives were stolen from the company's East Gate call center BlueCross spent $17 million on the investigation following the breach, and $1.5 million in federal penalties for compromising over a million members' personal information. Though there is no indication any data from that attack was ever used, company officials said.
On Thursday, Danielson said that it may take some time for Anthem to determine exactly which members have been affected by the breach. Anthem said will notify BlueCross of any members whose information was stolen "in the coming weeks."
Anthem has created a website, www.anthemfacts.com, where members can access information, about the breach. There is also a dedicated toll-free number that both current and former members can call if they have questions related to the cyberattack. That number is: 877-263-7995.
Contact staff writer Kate Belz at firstname.lastname@example.org or 423-757-6673.