Please Review: Employer groups currently with or formerly with Anthem as medical insurance carrier or TPA.
We want to make you aware of a data security incident regarding Conduent Business Services, a subcontracted vendor for Anthem Blue Cross / Blue Shield (Elevance Health).
Based on the information that has been shared with our team, the incident impacted certain members in Anthem-administered health plans across 14 states, however no impact report is available. Conduent is required to send member notices, which will detail the incident, specific member data impacted, credit monitoring services, and a direct phone line for questions to Conduent.
While we wanted to ensure you are informed, we are not involved in the investigation or remediation efforts and do not have access to additional details beyond what has been provided to us.
As always, we remain available to support you from an advisory standpoint and to help coordinate conversations as needed.
We will continue to monitor updates and share relevant information if additional guidance becomes available.
More information on the incident is below for your information:
Conduent Business Services, LLC (“Conduent”) provides printing, mailroom, and other support services for several Blue Cross and Blue Shield plans. Conduent has identified a cybersecurity incident that may have involved member personal information. While there is no indication that the information has been misused, the notices are designed to make members aware of the circumstance. The data potentially involved includes name, date of birth, health insurance ID number, provider-assigned patient ID, treatment cost, group policy number, and, in some cases, Social Security Number. Not all individuals were affected in the same way, and not all data elements applied to every person. This incident impacts Anthem members and individuals who use Blue Card services. Depending on their network usage, members may receive more than one notification from Conduent.
Upon discovering the issue, Conduent secured and restored its systems and notified law enforcement. All communication regarding this incident will continue to come directly from Conduent—not Anthem—as the breach occurred within Conduent’s systems. Conduent will provide information about the data breach and offer complimentary credit monitoring and identity restoration services.
Conduent’s investigators have confirmed the breach is no longer ongoing. Conduent has hardened security on the impacted systems.
Elevance Health (Anthem) continues to invest in its cybersecurity program, secure systems, security software, and hardware, and 24/7/365 security monitoring. Capabilities will continue to evolve in response to and anticipation of ever-changing risks faced in a digital world. Elevance Health (Anthem) actively seeks out, identifies, and addresses risks as they emerge.