US health insurer Anthem now says that the recent security breach that exposed the personal data of tens of millions of its customers also affected people who never did business with the firm.
That's because Anthem's database included data not just for customers of Anthem-run Blue Cross Blue Shield healthcare plans, but also for customers of Blue Cross Blue Shield plans run by other companies outside of the fourteen states in which Anthem operates.
Reuters reports that in addition to the 70 million Anthem customers who were affected by the breach, Anthem now estimates that between 8.8 million and 18.8 million customers of other companies' health plans may also have had their data compromised.
Those figures include anyone with a Blue Cross Blue Shield health plan operated by a company other than Anthem who received reciprocal care in one of the states in which Anthem has exclusive title to the Blue Cross Blue Shield brand.
Blue Cross Blue Shield is a federation of health insurers that operates in 37 US states. Anthem, the nation's second-largest health insurer, offers Blue Cross Blue Shield plans in California, Colorado, Connecticut, Georgia, Indiana, Kentucky, Maine, Missouri, Nevada, New Hampshire, Ohio, Wisconsin, and parts of New York and Virginia.
Anthem has contacted various states where it has no presence to let them know that their residents may also have had their data slurped – which reportedly includes roughly 23,000 people in Vermont, 27,000 in North Dakota, and some 300,000 in Minnesota, to give a few examples.
The company has offered 24 months of identity theft repair and credit monitoring services to its customers who may have been affected by the breach, but it has not said that it will extend the same to customers of other companies. ®