UC Health Insurance Cyber-Attack Exposes Client Data

Anthem Inc. — the University of California’s health insurance provider — announced that it was the victim of a highly sophisticated cyber-attack on Feb. 5. Anthem informed the university that the hackers accessed the information of its 80 million members, including UC faculty, staff, students and retirees.

The hackers obtained names, member identification numbers, multiple Social Security numbers, birth dates, street addresses, email addresses, phone numbers and employment information. 

They were not able to access the Social Security numbers of UC students, however, because Anthem does not collect that information.

Director of global security response Katherine Keefe, who works for Beazley Group, which offers insurance for businesses against data breaches, told National Public Radio that even though they are not working with Anthem, this data breach is hugely significant in the healthcare world.

“It’s probably the largest healthcare breach that we’ve seen and maybe that the government has seen,” Keefe said. 

U.S. Open Data is a non-profit organization that works with governments to help companies understand, store and share data. Its director, Waldo Jaquith, told NPR that there needs to be federal legislation that addresses these security issues.

“We can no longer pretend that what happens on the Internet isn’t real life,” Jaquith said. “We need requirements in place to ensure that a minimum level of security is in place to protect crucial data about everybody’s lives.”

According to a UC press release, Anthem’s investigation as of Feb. 16 indicated that the data breach did not target or access the banking, financial or medical information of its members. Anthem also advised the university that there is no indication that the attackers have misused any of their employees, retirees or students’ personal information.

Furthermore, Anthem informed the university that it will provide any of its members who enrolled in 2004 or later with identity repair services and information on how to enroll in free credit monitoring. The health insurer will notify the affected members via U.S. Postal Service mail. 

In addition to the data breach, Anthem notified the university on Feb. 6 of a phishing scam related to the cyber attack. The phishing scam consisted of emails that use the Anthem logo and included an offer to sign up for a year of credit card protection.

Anthem also has created a website — http://AnthemFacts.com — dedicated to providing information regarding the data breach, such as a list of FAQ.

Anthem is currently the network provider and claims administrator for the UC Student Health Insurance Plan at UCSD, UCLA, UC Irvine (for graduate students only), UC Santa Cruz, UC Merced, UC San Francisco and UC Hastings College of the Law. It only provides vision insurance for UC Irvine undergraduates and UC Davis students.

Additionally, Anthem provided health insurance to UC employees, retirees and all of their dependents from 2003 until Jan. 1, 2014.

According to UCSD’s student health website, every quarter that a UCSD student enrolls in classes, the campus automatically enrolls them in UC SHIP and charges them the corresponding fee. Students, however, may opt out of UC SHIP and waive the fee if they already have an insurance plan and apply for a Health Fee Waiver.