Kentucky Retirement Systems
Anthem Cyber Attack
Dear KEHP Members,
This morning, the Kentucky Employees’ Health Plan was made aware that Anthem, Inc., the parent company of our health insurance administrator, is the victim of a highly-sophisticated cyber attack. Anthem data was accessed, which could include that of Kentucky Employees’ Health Plan members.
You may have already received notice from Anthem, or learned about the event through various news reports. We also wanted to provide direct notice and ensure you have the most up-to-date information. We are working closely with Anthem to better understand the impact. Here is what we know:
- Once Anthem determined it was the victim of a sophisticated cyberattack, it immediately notified federal law enforcement officials and shared the indicators of compromise with the HITRUST C3 (Cyber Threat Intelligence and Incident Coordination Center).
- Anthem’s Information Security has worked to eliminate any further vulnerability and continues to secure all of its data.
- Anthem immediately began a forensic IT investigation to determine the number of impacted consumers and to identify the type of information accessed. Media reports indicate as many as 80 million current and former Anthem customers and employees may have been exposed. The investigation is still taking place.
- The information accessed includes member names, member health ID numbers/Social Security numbers, dates of birth, addresses, telephone numbers, email addresses and employment information. Social Security numbers were included in only a subset of the universe of consumers that were impacted.
- Anthem is still working to determine which members’ Social Security numbers were accessed.
- Anthem’s investigation to date shows that no credit card or confidential health information was accessed.
- Anthem has advised us there is no indication, at this time, that any of their clients’ personal information has been misused.
- Anthem will provide credit monitoring and identity protection services free of charge so that those who have been affected can have peace of mind. Impacted members will be provided information on how to enroll in free credit monitoring.
We are continuing to work closely with Anthem to better understand the cyber attack and the impact on our members.
Anthem has created a website – www.AnthemFacts.com, and a hotline, 1-877-263-7995, to call for more information. You can also view additional Frequently Asked Questions (FAQs) that further explains the cyber attack.
We will continue to keep you updated on Anthem’s ongoing investigation.
Kentucky Employees’ Health Plan