As the privacy officer for The Advisory Board Co., Rebecca Fayed knows a thing or two about privacy and what can happen when it's violated.
But when Fayed received a letter telling her that she, like nearly 80 million others, was the victim of a hacking attack on health insurer Anthem, Inc., she couldn't figure out why. Anthem wasn't her insurance provider.
ALSO ON NETWORK WORLD: Worst Data Breaches of 2014
"I had no idea that Anthem even had my data," Fayed told a gathering of privacy professionals recently at the National HIPAA Summit in Washington, D.C. "I went running around the house, 2018Why does Anthem have my data?'"
Fayed soon figured out the connection: Her previous insurer, a Blue Cross plan, was affiliated with Anthem in some way. Whoever hacked Anthem's records accessed names, Social Security numbers, dates of births, addresses and more going back a decade.
Many of those caught up in the recent string of medical data breaches are experiencing similar confusion and concern as they receive notifications from insurers. They wonder what real-world repercussions the exposure of their health care information could bring.
The Anthem breach, announced in early February, affected some 78.8 million people. Premera, another insurer based in the Pacific Northwest, recently disclosed that hackers had accessed records of 11 million people. The plans are offering several kinds of support, including credit monitoring for two years, but consumers must take steps proactively to enroll in that service.
When retailers such as Target and Home Depot have suffered data breaches, they have exposed credit card numbers, which can be canceled, containing the damage. The hacking of health insurance data is more troublesome, revealing the keys to a person's identity.
Julie Grimley, 46, a content editor for an educational software startup, initially assumed the Anthem breach wouldn't affect her because her family had coverage