Anthem Health Plan Hack Ensnares Hollywood Unions
The breach may affect DGA, WGA, SAG-AFTRA and IATSE members who are subscribers to Anthem’s Blue Cross plans.
A cyberattack on a database of 80 million current and former customers of health insurer Anthem won't leave Hollywood unscathed, as members of at least four key unions are subscribers to Anthem's California or New York plans.
The hack, which the insurer called "a very sophisticated external cyber attack," was disclosed Wednesday night in an email to subscribers. Anthem said that attackers "have obtained personal information … such as … names, birthdays, medical IDs/social security numbers, street addresses, email addresses and employment information, including income data," but said it did not currently believe credit card or medical information had been compromised.
Anthem, formerly known as Wellpoint, is the third largest health insurance provider in the country and operates plans in fourteen states, including California's Blue Cross and New York's Empire BlueCross BlueShield.
Affected union plans include those affiliated with the Directors Guild of America, the Writers Guild of America, SAG-AFTRA (the SAG health plan but not the AFTRA plan) and IATSE (both the MPIPHP and IATSE National Benefit Fund). The Entertainment Industry Flex Plan also apparently offers Anthem plans.
In a message to members, the DGA plan stated that while it contracts with Anthem for use of their provider network and uses Anthem to pay provider claims, "at this time we are not sure if Health Plan participant information was part of the Anthem data breach. We are working closely with Anthem to determine whether our participants' information was included."
The Screen Actors Guild-Producers Pension and Health Plan acknowledged the attack on its website. "We are currently not aware of how many Health Plan participants were affected," it stated. "We have been in direct contact with Anthem since the breach and were recently updated directly by them."
The IATSE National Benefit Fund posted a notice on its website, stating: "We are fully aware, and are diligently working with Empire BCBS on getting you more information as soon as it becomes available."
In addition to group plans, Anthem sells plans directly to individuals. Its individual plans sold on the Obamacare health exchanges hold first place in California market share and second place in New York, making it likely that significant numbers of entertainment industry workers are insured through such Anthem plans if not eligible for a company or union plan.
An email from Anthem president Joseph Swedish, sent to members Wednesday night and posted on the website, said the insurer had contacted the FBI and had engaged Mandiant — the same cybersecurity firm that Sony hired in the wake of the devastating cyberattack on its servers and network. An Anthem website update said that the company was working "around the clock" to determine how many members were affected. The Wall Street Journal, which first reported the story, quoted Anthem as saying the number was likely in the "tens of millions." The company said on the website that it would mail letters to those members "in the coming weeks" offering them credit monitoring and identity protection services.
The email also said that Anthem employees' own data had been compromised, including Swedish's own. The Journal quoted an Anthem executive as saying the company had first detected the intrusion in the middle of last week.
This intrusion is not the first time Anthem member data has been exposed. In 2012, the company settled a lawsuit filed by California Attorney General Kamala Harris after the company printed Social Security numbers on letters mailed to more than 33,000 of its Medicare subscribers, allegedly in violation of state law restricting disclosure of such numbers. In a separate incident a year later, the company erroneously posted the names, business addresses and social security numbers of an undisclosed number of physicians in PDF documents on Anthem's website.
Michael Walker contributed reporting.