Anthem cyber attack update

By Regence
January 10, 2015

Anthem, one of the nation’s largest health insurers, recently experienced a sophisticated cyber attack. This resulted in unauthorized access to Anthem’s information. We want you to know that the Regence information system was not breached. Anthem is a separate and distinct company.

Anthem has notified us that approximately 100,000 current and former Regence members were affected by the cyber attack over the last ten years. This includes about 38,000 current or former members who live in our four state region (Idaho, Oregon, Utah, Washington) and received medical care in any of the states where Anthem operates, and 62,000 current or former members who live out-of-state and received health care services in an Anthem service area. The states where Anthem operates are:  California, Colorado, Connecticut, Georgia, Indiana, Kentucky, Maine, Missouri, Nevada, New Hampshire, New York, Ohio, Virginia, and Wisconsin.

Anthem will officially notify all affected members, including Regence members, and is offering two years of free credit monitoring and identity protection services. To access these services, go to These services can be accessed prior to receiving official notification from Anthem.

Regence will also communicate with our affected members (and their brokers and employers) in advance of Anthem’s notification.

Why would Anthem have Regence member data?

Anthem and Regence are each independent licensees of the Blue Cross and Blue Shield Association. Both participate in the BlueCard program which allows Blue plan members to receive in-network benefits when seeking medical care in another part of the country. When Regence members need care outside the Regence area, the doctor or hospital bills the local Blue Cross and/or Blue Shield plan. The doctor or hospital could have submitted personal information to Anthem to receive payment if a Regence member received care in a state where Anthem operates.

What kind of information may have been accessed as part of this attack?

Anthem’s investigation indicates that the member data accessed included names, dates of birth, member identifications, addresses, phone numbers, email addresses and employment information. Only a very small fraction of non-Anthem members had social security numbers exposed (less than 1% of non-Anthem members).

How will Regence members know if their information was accessed?

Anthem will officially notify all affected members, including Regence members. Regence will also communicate with our affected members (and their brokers and employers) in advance of Anthem’s notification.

What is Regence doing to keep member data safe?

We understand the worry and concern that an incident like this causes. The security and privacy of our members’ data is very important to us. Regence maintains multiple safeguards to protect personal information including continually monitoring our systems and security measures against the latest threats.

Watch out for scams

Be on the lookout for email and telephone scams related to the Anthem cyber attack. These scams, designed to capture personal information could appear as if they are from Anthem. Emails may include a “click here” link for credit monitoring.

  • DO NOT click on any links in email or open any attachments.

  • If you have clicked on a link, DO NOT supply any information on the website that may open.

  • DO NOT reply to the email or reach out to the senders in any way.

Also, be cautious on the phone. Anthem and Regence will not be calling members regarding the cyber attack or asking for credit card information or social security numbers over the phone.