More than 300,000 Minnesotans were affected by the massive data security breach reported earlier this month by health insurer Anthem Inc., and the Indianapolis-based company plans to send letters soon about the incident.
On Monday, Anthem reported to state officials that about 206,800 Minnesotans could have their Social Security numbers at risk from the cyberattack, according to the Commerce Department.
In addition, about 106,800 Minnesota consumers had other data compromised, including names, health identification numbers, dates of birth, addresses, telephone numbers, e-mail addresses, employment information and income data, the Commerce Department said Tuesday.
Anthem has said it is not aware of any fraudulent activity against policyholders that has occurred as a result of the data breach, according to the state.
“Letters will begin going out next week in Minnesota and the other states where consumers were impacted,” wrote Tony Felts, a spokesman for Anthem, in an e-mail. “The mailing is expected to take several weeks.”
Anthem said the breach affected a total of 78.8 million people, slightly less than its earlier estimates.
Commerce estimates that about 6 percent of Minnesota residents were potentially affected by the Anthem data breach.
Mike Rothman, the Commerce Department commissioner, said in an interview that Minnesotans affected by the incident should consider taking advantage of credit monitoring and identity theft prevention being offered by Anthem.
“If you do get a notice, or you are an Anthem member through your employer, you should make sure you have the information from Anthem in terms of what information was potentially compromised,” Rothman said. “You should monitor very closely your own accounts.”
Anthem is one of the nation’s largest health insurers, although it does not sell health plans directly in Minnesota. Several out-of-state companies with workers in Minnesota, however, get coverage through Anthem.
The tally of those affected in Minnesota includes about 30,000 people with coverage from Eagan-based Blue Cross and Blue Shield of Minnesota, said spokesman Jim McManus.
The state’s Blues plan is independent from Anthem, but both insurers are part of the national Blue Cross and Blue Shield Association. So, when a Minnesotan with coverage from the Eagan-based insurer seeks care in a state where Anthem has the Blues franchise, the claims are processed by Anthem.
“It was Anthem systems that were breached, but some of our member information was caught up in that cyberattack,” McManus said.
Starting next week, the Eagan insurer plans to send letters to about 289,000 subscribers in Minnesota and other states that will serve as a pre-notice for the letters coming from Anthem.
Insurers are required to notify current and former subscribers who’ve been affected by the breach, said Sandy Hill, director of health care reform with Blue Cross and Blue Shield of Minnesota. But the pre-notice could be helpful, officials with the local insurer say, because Anthem will be sending somewhere between 60 million and 70 million letters about the incident.
“Less than 1 percent of our members had a Social Security number associated with the breach,” Hill said. “There’s no evidence at this point that anyone was harmed.”
The state Commerce Department says that consumers who think they may have been affected can call 877-263-7995, a toll-free number established by Anthem.