On June 10, my daughter, a new Anthem Blue Cross customer, received a letter from Anthem Blue Cross saying that there had been a hack of their website and that subscriber information had been accessed. When she tried to find out more by emailing them a list of questions, Firefox warned her that no secure connection could be made to their email system! What do they do with all that money they make? They don't spend it on health care for customers. They don't even spend it on IT!
Here are the details:
On June 10, 2010, a form letter arrived from one Roy R. Mellinger, Vice President, IT Security and Chief Information Security Officer, warning that "a number of individuals" were able to gain access to a part of their IT infrastructure "where we store and track the status of individual insurance applications." These individuals "were able to inappropriately change our website address and gain access".
The first thing I thought of is a kind that I've heard of--but not for many years. It's the kind of thing that script kiddies tried out during their first hacking forays years ago. It's hard to believe that one could access Anthem's data this easily.
Another suspicion the letter's language gives rise to is that someone at Anthem, or perhaps some outside contractor, was given access to one part of Anthem's data structure, but then discovered that they had been granted access to more than that.
In either case, Mr. Mellinger must be so proud of his IT staff! And Anthem must be so proud of Mr. Mellinger.
The letter goes on to offer "identity protection services for one year under Debix Identity Protection network at no cost to you." (It wasn't a bug, it was a feature--with a benefit!)
Further along, the letter says, we fixed it, don't worry, be happy! Even though we let "a number of individuals" have access to your name, SS# and credit card information. We'll help you out for a whole year!
My daughter then tried to send an email to Anthem asking questions like:
Who were those "individuals" who accessed the accounts?
Was it a hack by black hats or what?
When did it happen?
How many people does this affect?
Was health-related information exposed? etc.
When she tried to send off the email, Firefox informed her that it was unable to make a secure connection because Anthem's certificate was out of order. Mr. Mellinger must be so proud!
We tried to find more information about the hack on Anthem's website. No dice. We did a search on the Google. Nothing specific. The PR department, at least, is doing a good job of keeping the lid on.
Maybe we could have a system where adequate funds are expended on things like health care and data security instead of marketing and, especially, Mr. Mellinger's bonus. It does no good to get mad at giant health insurance companies; they're beyond reach. If the government were handling health care at least we could get the FBI involved.