An estimated 18,000 current and former members of the Hawaii Medical Service Association had their personal information stolen during a cyberattack on Anthem Inc., a Blue Cross and Blue Shield plan that serves residents in 14 states.
HMSA, the state’s largest health insurer, said in a post Monday on its website that the number of affected members could increase as it determines whether 2,000 unknown names in Anthem’s database are or were HMSA members.
Anthem, the nation’s second-largest health insurer, announced earlier this month that hackers had stolen data for a 10-year period from 2004 to 2014. Some HMSA members who received medical care outside Hawaii could be affected since the insurer is a member of Blue Cross and Blue Shield.
"The only information that Anthem has on HMSA members would have been provided by a doctor or hospital in an Anthem state that cared for an HMSA member," Mike Gold, HMSA’s president and chief executive officer, said in the post. "This would include those members’ names, dates of birth, the cities and states where they live, and part of their HMSA membership number after it processed out-of-state medical or hospital services."
The danger of medical identity theft is that someone without insurance could use the data to get medical care or prescription drugs, leaving a victim on the hook for copayments, deductibles or services not covered. The services can end up in a victim’s medical records. Criminals also could set up a fraudulent company and bill an insurer for services never provided.
The data breach, one of the largest involving medical-related information in U.S. history, affects around 2.5 percent of HMSA’s more than 724,000 members who have had an Anthem plan in the last 10 years or had services in states where Anthem operates.
Anthem’s Blue Cross and Blue Shield health plans are in California, Colorado, Connecticut, Georgia, Indiana, Kentucky, Maine, Missouri, Nevada, New Hampshire, New York, Ohio, Virginia and Wisconsin.
HMSA said it typically doesn’t share Social Security numbers, medical or financial information, or other private information. However, Anthem said it believes hackers swiped private information including names, birthdays, medical IDs, Social Security numbers, street and email addresses, and employment information for as many as 78.8 million people.
"I’m deeply concerned about the cyberattack and the impact on HMSA’s members," Gold said in the post. "We’re sending letters to current and former members who are affected. Anthem is also sending affected HMSA members a letter over the next few months."
For more information, call HMSA at 948-6699 on Oahu or 800-432-6633 toll-free on the neighbor islands and the mainland. The hotline is open 8 a.m. to 5 p.m. Monday through Friday.
HMSA said Internet scams emerged following the Anthem cyberattack and is warning members not to give personal information to anyone they don’t trust over the phone or via email. It said Anthem is not calling members regarding the cyberattack or asking for credit card information or Social Security numbers over the phone.
Anthem is offering HMSA members two years of free credit monitoring and identity protection at AnthemFacts.com.
———
Bloomberg News contributed to this report.
