Anthem Security Breach: Highmark

Highmark has become aware of a privacy issue involving another large health insurer. We want to ensure that you are also aware of the details.

Highmark is in contact with Anthem to gain additional insight about this issue and learn how it might impact our members. We will continue to follow the situation, and we will be working with Anthem, the Blue Cross Blue Shield Association and other authorities and keep you apprised of the situation.

What is this situation and how did it occur? 

Anthem was the target of a sophisticated, external cyber attack. The attacker(s) gained unauthorized access to Anthem’s IT system and obtained personal information on current and former Anthem members. The FBI is conducting a forensics investigation to gain further information.

When will we know who was affected by this breach?

Due to the volume of information this breach involves, the names of potentially affected individuals are not yet known. As soon as Anthem provides us with this information, we will coordinate efforts to notify our members, as necessary.

What information were the cyber attackers able to obtain?

Personal information obtained about current and former Anthem members includes names, birthdays, medical IDs, social security numbers, street addresses, e-mail addresses and employment information, including income data. Currently, there is no evidence that credit card or medical information (e.g. claims, test results, diagnostic codes) were targeted or compromised.

What is Highmark doing as a result of this incident? 

Highmark currently has a team of information security professionals monitoring this issue and our members’ information. All areas of Highmark work in collaboration with the chief information security officer and chief privacy officer to ensure that sufficient data safeguards and processes are in place and comply with applicable international, federal and state laws, rules and regulations, accreditation mandates, ethical guidelines and industry standards related to privacy and security. Our privacy and security departments consist of professionals solely dedicated to matters relating to data security and privacy protections and are professionally trained and certified to handle complex privacy and security matters.

How is Anthem communicating this issue to its current and former members? 

Anthem has published a letter to its members (, along with a Q&A sheet ( To address members’ concerns by phone, Anthem has set up a toll-free number (877-263-7995). Anthem also plans to contact all current and former members individually.


The information provided herein is intended solely for the use of our clients. You may not display, reproduce, copy, modify, license, sell or disseminate in any manner any information included herein, without the express permission of the Publisher or Publishers of articles within.

The information provided is for informational purposes only and does not constitute legal advice. The information above contains only a summary of the applicable legal provisions and does not purport to cover every aspect of any particular law, regulation or requirement. Depending on the specific facts of any situation, there may be additional or different requirements. This is to be used only as a guide and not as a definitive description of your compliance obligations.