Anthem health plan customers affected by the recent data breach can sign up for two years of free credit monitoring and identity theft protection services starting Friday, the insurer told state attorneys general.
Also, Anthem expects to share how many people were actually affected by the hack “before end of week,” spokeswoman Kristin Binns said.
The updates come as Anthem works to stem the damage from a historic data breach that exposed the personal information of up to 80 million people. But at least in the short term, the incident does not appear to be negatively affecting Anthem's enrollment efforts in the waning days of the Affordable Care Act's sign-up period.
Earlier this week, Connecticut Attorney General George Jepsen and nine other state attorneys general sent a letter to Anthem CEO Joseph Swedish demanding that the company update its members on how they can protect themselves from the data breach. Hackers stole the Social Security numbers, birthdays, income information and other personal data of Anthem members as early as December, but the insurer said medical records and credit card information were not compromised.
Jepsen in particular said his office was “flooded with phone calls” from Connecticut Anthem customers “who are frustrated with the lack of information from Anthem.” Many Anthem members in other states similarly have not received correspondence on what to do next.
“The delay in notifying those impacted is unreasonable and is causing unnecessary added worry to an already concerned population of Anthem customers,” Jepsen wrote.
Anthem responded to the letter Wednesday. Affected consumers will receive two years of free credit and ID protection instead of the customary one year, and they can get the services Friday, wrote Jill Rubin Hummel, president of Anthem Blue Cross and Blue Shield in Connecticut. Anthem will formally announce the third-party vendor it hired to manage the process on Friday, Binns said, and the company will provide further updates at anthemfacts.com.
An investigation into the data breach is still underway, and Anthem has not publicly commented on the source or motive of the hackers. The National Association of Insurance Commissioners is also working with Anthem to figure out the ramifications of the breach, which stemmed at least in part to cybersecurity protocol failures.
Indianapolis-based Anthem, formerly WellPoint, is one of the biggest players on the Affordable Care Act's insurance exchanges. The company ended 2014 with 707,000 members in its individual plans sold in the marketplaces. This year's open-enrollment period ends Sunday, and brokers say the data breach has had little or no impact on customers' decisions when they sign up for or renew coverage despite the broader aggravation.
“There's been a couple mentions of (the data breach),” said Jeff Sopko, a health insurance broker based in Steger, Ill. But it hasn't stopped any of his prospective clients from buying Anthem insurance in Illinois, he said. “What else are you going to do if you need health insurance?”
John Barrett, a broker in Pasadena, Calif., who sells Anthem plans outside the state exchange, echoed that the breach seems to have done little to drive consumers away from Anthem. “No one cares about that,” he said. “It's more in the eye of the media than in the reality of the street … I think people have just become numb to it.”
Follow Bob Herman on Twitter: @MHbherman