"On April 12, 2017, LaunchPoint, learned that one of its employees was likely involved in identity theft related activities. LaunchPoint hired a forensic firm to investigate. On May 28, 2017, LaunchPoint learned that some other, non-Anthem data, may have been misused by the employee. LaunchPoint then learned the employee emailed a file with information about Anthem companies’ members to his personal email address on July 8, 2016. This action violated LaunchPoint’s policies. The investigation is ongoing. LaunchPoint does not know if the email was related to a legitimate work purpose."LaunchPoint took it upon itself to review the emailed file for personal health information (PHI) that belonged to Anthem members. By June 12, 2017, it had found that the file contained Medicare ID numbers, which includes Social Security Numbers, Health Plan ID numbers, and other medical information, as well as a small number of last names and dates of birth. The insurance coordination firm then notified Anthem on June 14, 2017.
"Anthem had to work with LaunchPoint to determine if the information contained in the report corresponded to Anthem family health plan members. We had to ensure LaunchPoint had accurate address information in order to notify those impacted."The insurance coordination firm is offering two years of credit monitoring and identity protection services to affected members at no cost to them. In the meantime, LaunchPoint has terminated the offending employee, whom law enforcement officers have since arrested on charges unrelated to the emailed file. The company is also working to strengthen its existing policies and procedures in an effort to prevent similar events from occurring in the future. News of this breach follows just over a month after Anthem agreed to pay $115 million to settle a class-action lawsuit over the 2015 data breach that compromised the personal information of nearly 80 million customers.