November 4, 2015
Dear eamaaagagp.
As you may have héard in media reports, Excellus BlueCross BlueShield (Excellus) publicly disclosed
that it was the victim of a cyber attack. Excellus notified Anthem about this incident on September 9,
2015, the same day Excellus notified the media. You are receiving the attached letter from Excellus
because Excellus has determined that your information may have been impacted by the cyber attack.
We would like to help explain Anthem’s relationship with Excellus and why your data may have
been in Excellus’s systems. First, Anthem is neither owned nor operated by Excellus. Excellus is a
separate company with which Anthem works to administer certain aspects of your health care plan
when you receive health care services in upstate New York. This affiliation enables BlueCross and
BlueShield members to receive the high-quality, affordable health care they need, wherever they
are. Your information may have been in Excellus's information technology systems because you
received health care services in the Excellus service area.
Second, it is important to note that the Excellus cyber attack is not the same as the cyber attack
against Anthem, about which you may have been notified earlier this year.
Third, enclosed is Excellus's official notification to you about the cyber attack, including a description
of what happened, the types of information involved, steps Excellus is taking to investigate the event,
the identity repair services and credit monitoring, services available to you and how Excellus
to work to minimize potential harm to you. We encourage you to read this notice and take advantage
of the services being made available to you by Excellus.
‘Anthem takes the confidentiality of our members’ data very seriously, and we regret that this incident
occurred. Should you have questions, please follow the instructions in the attached letter.
Sincerely,
Anthem, Inc.