The public relations cleanup following Anthem Inc's data breach keeps getting worse for the health care insurance provider as U.S. state governments are filing formal letters of complaints against the company.
The story started when the nation’s second largest health insurer, Anthem Inc., was breached, allegedly by a Chinese cyber crime ring known as “Deep Panda.” Though the breadth of the breach is unknown, it’s suspected as many as 80 million Americans could have had their Social Security numbers, email addresses, name and physical addresses compromised in the latest attack. Luckily for those hacked, no payment card details were skimmed, and there’s no evidence any sensitive health data was compromised.
Reuters reported that 10 U.S. states have filed letters with Anthem listing their grievances about how the company has dealt with its public outreach following the massive data breach. The consensus among the legislatures are that Anthem's response wasn't speedy enough.
"The delay in notifying those impacted is unreasonable and is causing unnecessary added worry to an already concerned population of Anthem customers," wrote Connecticut Attorney General George Jepsen on behalf of Connecticut and the other nine involved states — which includes Arkansas, Illinois, Kentucky, Maine, Mississippi, Nebraska, Nevada, Pennsylvania, and Rhode Island. "Anthem must commit to reimbursing consumers for any losses associated with this breach during the time period between the breach and the date that the company provides access to credit and identity theft safeguards."
The letter urges the health insurer to provide adequate compensation to any consumers who were impacted by the breach and said Anthem should offer free credit monitoring to ensure consumers can track if any of their data is being used in a malicious manner.
In response to the breach, Anthem has sent out the following statement: "We have laid out a thoughtful plan with this vendor so that they can accommodate what we anticipate will be very high demand for these services. We plan to communicate to members very soon, about how exactly they can enroll."
The demand from the state governments to take action follows the news that the Anthem data breach was also flooded with phishing scams in the days following the attack. This included a false letter sent out on Anthem's behalf from the fraudsters in an email scam that indicated a year of free credit monitoring. Anthem notified their customers that they’d be following up in the coming weeks, but the phishers took it upon themselves to send out their own scam version with links. To combat the false letter, Anthem was forced to notify its customers about the cold-calling the scammers are doing.
It appears as though the tables have turned once again on Anthem and they'll be forced to respond again about its post-breach cleanup — but this time, they'll have to explain it to the state government leaders.