November 4, 2015 Dear eamaaagagp. As you may have héard in media reports, Excellus BlueCross BlueShield (Excellus) publicly disclosed that it was the victim of a cyber attack. Excellus notified Anthem about this incident on September 9, 2015, the same day Excellus notified the media. You are receiving the attached letter from Excellus because Excellus has determined that your information may have been impacted by the cyber attack. We would like to help explain Anthem’s relationship with Excellus and why your data may have been in Excellus’s systems. First, Anthem is neither owned nor operated by Excellus. Excellus is a separate company with which Anthem works to administer certain aspects of your health care plan when you receive health care services in upstate New York. This affiliation enables BlueCross and BlueShield members to receive the high-quality, affordable health care they need, wherever they are. Your information may have been in Excellus's information technology systems because you received health care services in the Excellus service area. Second, it is important to note that the Excellus cyber attack is not the same as the cyber attack against Anthem, about which you may have been notified earlier this year. Third, enclosed is Excellus's official notification to you about the cyber attack, including a description of what happened, the types of information involved, steps Excellus is taking to investigate the event, the identity repair services and credit monitoring, services available to you and how Excellus to work to minimize potential harm to you. We encourage you to read this notice and take advantage of the services being made available to you by Excellus. ‘Anthem takes the confidentiality of our members’ data very seriously, and we regret that this incident occurred. Should you have questions, please follow the instructions in the attached letter. Sincerely, Anthem, Inc.