Your Guide to Medical Breaches: Anthem, Premera, and CareFirst


Medical records have become the hot new target of crooks looking to steal your identity. Some 1 in 4 adult Americans were impacted by the Anthem breach. But that number could be 1 in 3 now with word of the Premera Blue Cross breach and the CareFirst breach.

Another major health insurer hacked

With the Anthem hack, criminals got names, birthdays, email addresses, Social Security numbers/medical identification numbers, addresses and employment data (including income) from a database that had info on 80 million people across 14 states. (No credit card information was accessed, nor was medical information like claims, test results or diagnostic codes.)

Anyone who has been impacted by this breach will receive written communication from Anthem. In the meantime, there’s a dedicated website at and a dedicated hotline at 1-877-263-7995 if you have additional questions.

Following that we learned about the Premera breach. This breach impacts some 11 million people most in the Pacific Northwest or those who lived in that area of the country. The info stolen dating back to 2002 includes members’ names, dates of birth, Social Security numbers, mailing and email addresses, phone numbers, member ID numbers and bank account information.

If you were a customer of Premera Blue Cross, Premera Blue Cross Blue Shield of Alaska, or Vivacity and Connection Insurance Solutions, you could be among those 11 million people impacted by this latest breach.

The latest shoe to fall is a mid-Atlantic health insurer called CareFirst. This breach was small by comparison, involving just a little over 1 million people. Hackers may have snagged members’ names, user names, birth dates, email addresses and subscriber numbers, according to The Wall Street Journal.

So if you were impacted by any of these 3 breaches, what should you do? Here are some basics to get you started…

What is a credit freeze vs. credit monitoring?

As usual, Anthem and Premera have begun offering free credit monitoring to all those who were hit. I’m sure CareFirst will follow suit too.

Credit monitoring essentially puts fraud alerts on your credit files with the 3 main credit bureaus. These alerts are meant to raise a flag to potential creditors, alerting them to carefully verify an applicant’s identity before extending credit. But very often these alerts are ignored.

That’s why a credit freeze is superior to credit monitoring. A credit freeze allows you to seal your credit reports so no new applications for credit can be initiated in your name without your knowledge. When you do a credit freeze with the 3 main credit bureaus, you get a PIN that only you know.


This PIN can be used by you to temporarily ‘thaw’ your credit so that legitimate applications for credit and services can be processed. Without this PIN, a criminal would not be able to establish new credit in your name even if they are able to take over your identity.

Freezing your credit files has no impact whatsoever on your existing lines of credit, such as credit cards. You can continue to use them as you regularly would even when your credit is frozen.

A credit freeze will cost you from zero to $10 per bureau (every state is different), but I think it’s worth it. You MUST freeze your credit with all 3 bureaus.

Consider a credit freeze for your child

If you have kids who were impacted by this breach, I’d recommend a credit freeze for them too. Unfortunately, not all states allow a parent or guardian to freeze their child’s credit. At the time of this writing, the states that allow it include Delaware, Florida, Georgia, Illinois, Indiana, Iowa, Louisiana, Maryland, Michigan, Montana, Nebraska, Oregon, South Carolina, Texas, Virginia and Wisconsin.

If your state *doesn’t* allow it, you have to petition hard to get that changed. Here’s a form letter to request credit freeze legislation for minors.

Use an abundance of caution

This is a time when you need to beware of anyone calling or emailing you trying to impersonate Anthem, Premera, or CareFirst. The cons may ask you to click a link or to verbally confirm additional personal information over the phone.

When in doubt, hang up the phone or close out the email. Then call Anthem, Premera, or CareFirst to verify the legitimacy of whatever it is you have a question about.

If you remember one thing, it should be this: Do not click on any links in emails that come related to this breach!

Set up two-step authentication

Unfortunately, the criminals have enough info to attempt to seize funds in your bank or brokerage account. So you need to be proactive and set up what’s called ‘two-factor authentication‘ or ‘two-step authentication’ where you have to go through an additional step to authenticate who you are when doing a transaction.

The most common type of second-layer authentication is a security token (FSR token or fob that you carry with you) which you can get by calling your bank or brokerage firm. The security token generates a 6-digit code that changes every 30 seconds. So when you log in, you enter your username and password as usual and then also the latest six digits from your token.


Another way to have second layer of authentication is to have a verbal password put onto your account. But note this well: When you call your bank or brokerage firm, they will *not* give you any prompt to remember your verbal password — so you’ve got to be sure you have it memorized.

Finally, one last piece of advice: if you have the ability through your bank or brokerage account to do a wire transfer online, you should shut down that ability ASAP. The reality is you need to worry that criminals may attempt to send a wire from your account overseas and empty your account.

  • Show Comments Hide Comments