[Micronet] Will UC alert employees with Blue Shield that PII is compromised??

classic Classic list List threaded Threaded
13 messages Options
Reply | Threaded
Open this post in threaded view
|

[Micronet] Will UC alert employees with Blue Shield that PII is compromised??

Nils Ohlson
Does anyone know if UC is planning on informing employees and retirees with Blue Shield UC Care and other Anthem health-care, that their personally identifiable information may have been compromised in yesterdays breach of Anthem? Anthem is saying it could take weeks to notify people:


Anyone have more info? I am very concerned about the possibility of identity theft, as SSN's and DOB's are in the information that was compromised, and Anthem's timeline is very long.

-Nils

--
Nils Ohlson
Administrative Analyst
U.C. Berkeley College of Chemistry
Business Office
410 Latimer Hall #1460
Berkeley, CA 94720-1460

(510) 642-1325 phone
(510) 642-4313 fax

[hidden email]


 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] Will UC alert employees with Blue Shield that PII is compromised??

Ian Crew
I’m not sure about the notification process, but one thing that’s given me and my wife a bunch of comfort in this age of security breaches is to have a security freeze on our accounts with the credit reporting agencies.  See attached for a little thing I wrote about Security Freezes a while back, to try to encourage my friends to sign up.

Cheers,

Ian



On Feb 5, 2015, at 10:14 AM, Nils Ohlson <[hidden email]> wrote:

Does anyone know if UC is planning on informing employees and retirees with Blue Shield UC Care and other Anthem health-care, that their personally identifiable information may have been compromised in yesterdays breach of Anthem? Anthem is saying it could take weeks to notify people:


Anyone have more info? I am very concerned about the possibility of identity theft, as SSN's and DOB's are in the information that was compromised, and Anthem's timeline is very long.

-Nils

--
Nils Ohlson
Administrative Analyst
U.C. Berkeley College of Chemistry
Business Office
410 Latimer Hall #1460
Berkeley, CA 94720-1460

(510) 642-1325 phone
(510) 642-4313 fax

[hidden email]


-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.

___
Ian Crew

IST-Architecture, Platforms and Integration (API)
Earl Warren Hall, Second Floor
University of California, Berkeley


 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.

Security Freezes write-up.rtf (6K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] Will UC alert employees with Blue Shield that PII is compromised??

Ian Crew
One of my friends just pointed me to the following article which my post about Credit Security Freezes won’t help.  Apparently Medical Identity Theft is also a thing these days.  The article does provide some suggestions for guarding yourself against that sort of thing:


Cheers,

Ian

On Feb 5, 2015, at 11:01 AM, Ian Crew <[hidden email]> wrote:

I’m not sure about the notification process, but one thing that’s given me and my wife a bunch of comfort in this age of security breaches is to have a security freeze on our accounts with the credit reporting agencies.  See attached for a little thing I wrote about Security Freezes a while back, to try to encourage my friends to sign up.

Cheers,

Ian

<Security Freezes write-up.rtf>

On Feb 5, 2015, at 10:14 AM, Nils Ohlson <[hidden email]> wrote:

Does anyone know if UC is planning on informing employees and retirees with Blue Shield UC Care and other Anthem health-care, that their personally identifiable information may have been compromised in yesterdays breach of Anthem? Anthem is saying it could take weeks to notify people:


Anyone have more info? I am very concerned about the possibility of identity theft, as SSN's and DOB's are in the information that was compromised, and Anthem's timeline is very long.

-Nils

--
Nils Ohlson
Administrative Analyst
U.C. Berkeley College of Chemistry
Business Office
410 Latimer Hall #1460
Berkeley, CA 94720-1460

(510) 642-1325 phone
(510) 642-4313 fax

[hidden email]


-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.

___
Ian Crew

IST-Architecture, Platforms and Integration (API)
Earl Warren Hall, Second Floor
University of California, Berkeley


___
Ian Crew

IST-Architecture, Platforms and Integration (API)
Earl Warren Hall, Second Floor
University of California, Berkeley


 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] Will UC alert employees with Blue Shield that PII is compromised??

Nils Ohlson
Dear Micronetters,

If anyone questions my using Micronet for this topic feel free to criticize, but I know NO OTHER forum dealing with this or related issues, and this is a data-breach affecting UC employees, so I think this fits under the Micronet tent.

NEWS:
I just called Blue Shield Concierge and they told me that only Blue Cross was affected; NOT Blue Shield. Sounded good.

HOWEVER
when I look at the website at 
Anthemfacts.com./faq
I get a different answer:

Did this impact all lines of Anthem Business?

Yes, all product lines are impacted.

Is my (plan/brand) impacted?

The impacted (plan/brand) include Anthem Blue Cross, Anthem Blue Cross and Blue Shield, Blue Cross and Blue Shield of Georgia, Empire Blue Cross and Blue Shield, Amerigroup, Caremore, Unicare, Healthlink, and DeCare.

​Doesn't sound to me like "no, Blue Shield was not affected".

CSS replied promptly to my ​ticket to say that Anthem is going to inform people; it's basically a version of what Anthemfacts says. It sounds like Campus authorities have NOT been informed what's really going on and are relying on what is parceled out to them. I would hope that senior management would take it upon themselves to make sure that Anthem is giving them, and us, all the information we need to protect our identities.

-Nils


On Thu, Feb 5, 2015 at 2:42 PM, Ian Crew <[hidden email]> wrote:
One of my friends just pointed me to the following article which my post about Credit Security Freezes won’t help.  Apparently Medical Identity Theft is also a thing these days.  The article does provide some suggestions for guarding yourself against that sort of thing:


Cheers,

Ian

On Feb 5, 2015, at 11:01 AM, Ian Crew <[hidden email]> wrote:

I’m not sure about the notification process, but one thing that’s given me and my wife a bunch of comfort in this age of security breaches is to have a security freeze on our accounts with the credit reporting agencies.  See attached for a little thing I wrote about Security Freezes a while back, to try to encourage my friends to sign up.

Cheers,

Ian

<Security Freezes write-up.rtf>

On Feb 5, 2015, at 10:14 AM, Nils Ohlson <[hidden email]> wrote:

Does anyone know if UC is planning on informing employees and retirees with Blue Shield UC Care and other Anthem health-care, that their personally identifiable information may have been compromised in yesterdays breach of Anthem? Anthem is saying it could take weeks to notify people:


Anyone have more info? I am very concerned about the possibility of identity theft, as SSN's and DOB's are in the information that was compromised, and Anthem's timeline is very long.

-Nils

--
Nils Ohlson
Administrative Analyst
U.C. Berkeley College of Chemistry
Business Office
410 Latimer Hall #1460
Berkeley, CA 94720-1460

<a href="tel:%28510%29%20642-1325" value="+15106421325" target="_blank">(510) 642-1325 phone
<a href="tel:%28510%29%20642-4313" value="+15106424313" target="_blank">(510) 642-4313 fax

[hidden email]


-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.

___
Ian Crew

IST-Architecture, Platforms and Integration (API)
Earl Warren Hall, Second Floor
University of California, Berkeley


___
Ian Crew

IST-Architecture, Platforms and Integration (API)
Earl Warren Hall, Second Floor
University of California, Berkeley



-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.




--
Nils Ohlson
Administrative Analyst
U.C. Berkeley College of Chemistry
Business Office
410 Latimer Hall #1460
Berkeley, CA 94720-1460

<a href="tel:%28510%29%20642-1325" value="+15106421325" target="_blank">(510) 642-1325 phone
<a href="tel:%28510%29%20642-4313" value="+15106424313" target="_blank">(510) 642-4313 fax

[hidden email]


 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] Will UC alert employees with Blue Shield that PII is compromised??

secabeen
Anthem operates as Blue Shield in some states, but not in California.
Here Blue Shield is a completely different operation.

That said, pre-2014, UC did contract with Anthem Blue Cross, so some UC
data may be present from that previous relationship.

--Ted

On 2/5/2015 3:16 PM, Nils Ohlson wrote:

> Dear Micronetters,
>
> If anyone questions my using Micronet for this topic feel free to
> criticize, but I know NO OTHER forum dealing with this or related
> issues, and this is a data-breach affecting UC employees, so I think
> this fits under the Micronet tent.
>
> NEWS:
> I just called Blue Shield Concierge and they told me that only Blue
> Cross was affected; NOT Blue Shield. Sounded good.
>
> HOWEVER
> when I look at the website at
> Anthemfacts.com./faq
> I get a different answer:
>
>
>       Did this impact all lines of Anthem Business?
>
> Yes, all product lines are impacted.
>
>
>       Is my (plan/brand) impacted?
>
> The impacted (plan/brand) include Anthem Blue Cross, Anthem Blue Cross
> and Blue Shield, Blue Cross and Blue Shield of Georgia, Empire Blue
> Cross and Blue Shield, Amerigroup, Caremore, Unicare, Healthlink, and
> DeCare.
>
> ​Doesn't sound to me like "no, Blue Shield was not affected".
>
> CSS replied promptly to my ​ticket to say that Anthem is going to inform
> people; it's basically a version of what Anthemfacts says. It sounds
> like Campus authorities have NOT been informed what's really going on
> and are relying on what is parceled out to them. I would hope that
> senior management would take it upon themselves to make sure that Anthem
> is giving them, and us, all the information we need to protect our
> identities.
>
> -Nils
>
>
> On Thu, Feb 5, 2015 at 2:42 PM, Ian Crew <[hidden email]
> <mailto:[hidden email]>> wrote:
>
>     One of my friends just pointed me to the following article which my
>     post about Credit Security Freezes won’t help.  Apparently Medical
>     Identity Theft is also a thing these days.  The article does provide
>     some suggestions for guarding yourself against that sort of thing:
>
>     http://www.nbcnews.com/tech/security/anthem-hack-credit-monitoring-wont-catch-medical-identity-theft-n300836
>
>     Cheers,
>
>     Ian
>
>>     On Feb 5, 2015, at 11:01 AM, Ian Crew <[hidden email]
>>     <mailto:[hidden email]>> wrote:
>>
>>     I’m not sure about the notification process, but one thing that’s
>>     given me and my wife a bunch of comfort in this age of security
>>     breaches is to have a security freeze on our accounts with the
>>     credit reporting agencies.  See attached for a little thing I
>>     wrote about Security Freezes a while back, to try to encourage my
>>     friends to sign up.
>>
>>     Cheers,
>>
>>     Ian
>>
>>     <Security Freezes write-up.rtf>
>>
>>>     On Feb 5, 2015, at 10:14 AM, Nils Ohlson <[hidden email]
>>>     <mailto:[hidden email]>> wrote:
>>>
>>>     Does anyone know if UC is planning on informing employees and
>>>     retirees with Blue Shield UC Care and other Anthem health-care,
>>>     that their personally identifiable information may have been
>>>     compromised in yesterdays breach of Anthem? Anthem is saying it
>>>     could take weeks to notify people:
>>>
>>>     Data Breach FAQ's from Anthem <http://www.anthemfacts.com./>
>>>
>>>     Anyone have more info? I am very concerned about the possibility
>>>     of identity theft, as SSN's and DOB's are in the information that
>>>     was compromised, and Anthem's timeline is very long.
>>>
>>>     -Nils
>>>
>>>     --
>>>     Nils Ohlson
>>>     Administrative Analyst
>>>     U.C. Berkeley College of Chemistry
>>>     Business Office
>>>     410 Latimer Hall #1460
>>>     Berkeley, CA 94720-1460
>>>
>>>     (510) 642-1325 <tel:%28510%29%20642-1325> phone
>>>     (510) 642-4313 <tel:%28510%29%20642-4313> fax
>>>
>>>     [hidden email] <mailto:[hidden email]>
>>>
>>>
>>>     -------------------------------------------------------------------------
>>>     The following was automatically added to this message by the list
>>>     server:
>>>
>>>     To learn more about Micronet, including how to subscribe to or
>>>     unsubscribe from its mailing list and how to find out about
>>>     upcoming meetings, please visit the Micronet Web site:
>>>
>>>     http://micronet.berkeley.edu <http://micronet.berkeley.edu/>
>>>
>>>     Messages you send to this mailing list are public and
>>>     world-viewable, and the list's archives can be browsed and
>>>     searched on the Internet.  This means these messages can be
>>>     viewed by (among others) your bosses, prospective employers, and
>>>     people who have known you in the past.
>>
>>     ___
>>     Ian Crew
>>
>>     IST-Architecture, Platforms and Integration (API)
>>     Earl Warren Hall, Second Floor
>>     University of California, Berkeley
>>
>
>     ___
>     Ian Crew
>
>     IST-Architecture, Platforms and Integration (API)
>     Earl Warren Hall, Second Floor
>     University of California, Berkeley
>
>
>
>     -------------------------------------------------------------------------
>     The following was automatically added to this message by the list
>     server:
>
>     To learn more about Micronet, including how to subscribe to or
>     unsubscribe from its mailing list and how to find out about upcoming
>     meetings, please visit the Micronet Web site:
>
>     http://micronet.berkeley.edu
>
>     Messages you send to this mailing list are public and
>     world-viewable, and the list's archives can be browsed and searched
>     on the Internet.  This means these messages can be viewed by (among
>     others) your bosses, prospective employers, and people who have
>     known you in the past.
>
>
>
>
> --
> Nils Ohlson
> Administrative Analyst
> U.C. Berkeley College of Chemistry
> Business Office
> 410 Latimer Hall #1460
> Berkeley, CA 94720-1460
>
> (510) 642-1325 <tel:%28510%29%20642-1325> phone
> (510) 642-4313 <tel:%28510%29%20642-4313> fax
>
> [hidden email] <mailto:[hidden email]>
>
>
>
>  
> -------------------------------------------------------------------------
> The following was automatically added to this message by the list server:
>
> To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:
>
> http://micronet.berkeley.edu
>
> Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
>


 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] Will UC alert employees with Blue Shield that PII is compromised??

Jeffrey KREUTZEN
In reply to this post by Nils Ohlson

On Thu, Feb 5, 2015 at 3:16 PM, Nils Ohlson <[hidden email]> wrote:
Dear Micronetters,

If anyone questions my using Micronet for this topic feel free to criticize, but I know NO OTHER forum dealing with this or related issues, and this is a data-breach affecting UC employees, so I think this fits under the Micronet tent.

NEWS:
I just called Blue Shield Concierge and they told me that only Blue Cross was affected; NOT Blue Shield. Sounded good.

HOWEVER
when I look at the website at 
Anthemfacts.com./faq
I get a different answer:

Did this impact all lines of Anthem Business?

Yes, all product lines are impacted.

Is my (plan/brand) impacted?

The impacted (plan/brand) include Anthem Blue Cross, Anthem Blue Cross and Blue Shield, Blue Cross and Blue Shield of Georgia, Empire Blue Cross and Blue Shield, Amerigroup, Caremore, Unicare, Healthlink, and DeCare.

​Doesn't sound to me like "no, Blue Shield was not affected".

CSS replied promptly to my ​ticket to say that Anthem is going to inform people; it's basically a version of what Anthemfacts says. It sounds like Campus authorities have NOT been informed what's really going on and are relying on what is parceled out to them. I would hope that senior management would take it upon themselves to make sure that Anthem is giving them, and us, all the information we need to protect our identities.

-Nils


On Thu, Feb 5, 2015 at 2:42 PM, Ian Crew <[hidden email]> wrote:
One of my friends just pointed me to the following article which my post about Credit Security Freezes won’t help.  Apparently Medical Identity Theft is also a thing these days.  The article does provide some suggestions for guarding yourself against that sort of thing:


Cheers,

Ian

On Feb 5, 2015, at 11:01 AM, Ian Crew <[hidden email]> wrote:

I’m not sure about the notification process, but one thing that’s given me and my wife a bunch of comfort in this age of security breaches is to have a security freeze on our accounts with the credit reporting agencies.  See attached for a little thing I wrote about Security Freezes a while back, to try to encourage my friends to sign up.

Cheers,

Ian

<Security Freezes write-up.rtf>

On Feb 5, 2015, at 10:14 AM, Nils Ohlson <[hidden email]> wrote:

Does anyone know if UC is planning on informing employees and retirees with Blue Shield UC Care and other Anthem health-care, that their personally identifiable information may have been compromised in yesterdays breach of Anthem? Anthem is saying it could take weeks to notify people:


Anyone have more info? I am very concerned about the possibility of identity theft, as SSN's and DOB's are in the information that was compromised, and Anthem's timeline is very long.

-Nils

--
Nils Ohlson
Administrative Analyst
U.C. Berkeley College of Chemistry
Business Office
410 Latimer Hall #1460
Berkeley, CA 94720-1460

<a href="tel:%28510%29%20642-1325" value="+15106421325" target="_blank">(510) 642-1325 phone
<a href="tel:%28510%29%20642-4313" value="+15106424313" target="_blank">(510) 642-4313 fax

[hidden email]


-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.

___
Ian Crew

IST-Architecture, Platforms and Integration (API)
Earl Warren Hall, Second Floor
University of California, Berkeley


___
Ian Crew

IST-Architecture, Platforms and Integration (API)
Earl Warren Hall, Second Floor
University of California, Berkeley



-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.




--
Nils Ohlson
Administrative Analyst
U.C. Berkeley College of Chemistry
Business Office
410 Latimer Hall #1460
Berkeley, CA 94720-1460

<a href="tel:%28510%29%20642-1325" value="+15106421325" target="_blank">(510) 642-1325 phone
<a href="tel:%28510%29%20642-4313" value="+15106424313" target="_blank">(510) 642-4313 fax

[hidden email]



-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.



 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] Will UC alert employees with Blue Shield that PII is compromised??

Jon Johnsen-3
In reply to this post by Nils Ohlson
Depending on the kinds of data involved, some of this discussion might better confined to the ucb-security list, as Michael Sinatra suggested.  Or even off-line.

Jon Johnsen, another (ex) Coordinator
Richmond, CA


On 2/5/2015 3:16 PM, Nils Ohlson wrote:
Dear Micronetters,

If anyone questions my using Micronet for this topic feel free to criticize, but I know NO OTHER forum dealing with this or related issues, and this is a data-breach affecting UC employees, so I think this fits under the Micronet tent.

NEWS:
I just called Blue Shield Concierge and they told me that only Blue Cross was affected; NOT Blue Shield. Sounded good.

HOWEVER
when I look at the website at 
Anthemfacts.com./faq
I get a different answer:

Did this impact all lines of Anthem Business?

Yes, all product lines are impacted.

Is my (plan/brand) impacted?

The impacted (plan/brand) include Anthem Blue Cross, Anthem Blue Cross and Blue Shield, Blue Cross and Blue Shield of Georgia, Empire Blue Cross and Blue Shield, Amerigroup, Caremore, Unicare, Healthlink, and DeCare.

​Doesn't sound to me like "no, Blue Shield was not affected".

CSS replied promptly to my ​ticket to say that Anthem is going to inform people; it's basically a version of what Anthemfacts says. It sounds like Campus authorities have NOT been informed what's really going on and are relying on what is parceled out to them. I would hope that senior management would take it upon themselves to make sure that Anthem is giving them, and us, all the information we need to protect our identities.

-Nils


On Thu, Feb 5, 2015 at 2:42 PM, Ian Crew <[hidden email]> wrote:
One of my friends just pointed me to the following article which my post about Credit Security Freezes won’t help.  Apparently Medical Identity Theft is also a thing these days.  The article does provide some suggestions for guarding yourself against that sort of thing:


Cheers,

Ian

On Feb 5, 2015, at 11:01 AM, Ian Crew <[hidden email]> wrote:

I’m not sure about the notification process, but one thing that’s given me and my wife a bunch of comfort in this age of security breaches is to have a security freeze on our accounts with the credit reporting agencies.  See attached for a little thing I wrote about Security Freezes a while back, to try to encourage my friends to sign up.

Cheers,

Ian

<Security Freezes write-up.rtf>

On Feb 5, 2015, at 10:14 AM, Nils Ohlson <[hidden email]> wrote:

Does anyone know if UC is planning on informing employees and retirees with Blue Shield UC Care and other Anthem health-care, that their personally identifiable information may have been compromised in yesterdays breach of Anthem? Anthem is saying it could take weeks to notify people:


Anyone have more info? I am very concerned about the possibility of identity theft, as SSN's and DOB's are in the information that was compromised, and Anthem's timeline is very long.

-Nils

--
Nils Ohlson
Administrative Analyst
U.C. Berkeley College of Chemistry
Business Office
410 Latimer Hall #1460
Berkeley, CA 94720-1460

<a moz-do-not-send="true" href="tel:%28510%29%20642-1325" value="+15106421325" target="_blank">(510) 642-1325 phone
<a moz-do-not-send="true" href="tel:%28510%29%20642-4313" value="+15106424313" target="_blank">(510) 642-4313 fax

[hidden email]


-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.

___
Ian Crew

IST-Architecture, Platforms and Integration (API)
Earl Warren Hall, Second Floor
University of California, Berkeley


___
Ian Crew

IST-Architecture, Platforms and Integration (API)
Earl Warren Hall, Second Floor
University of California, Berkeley



-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.




--
Nils Ohlson
Administrative Analyst
U.C. Berkeley College of Chemistry
Business Office
410 Latimer Hall #1460
Berkeley, CA 94720-1460

<a moz-do-not-send="true" href="tel:%28510%29%20642-1325" value="+15106421325" target="_blank">(510) 642-1325 phone
<a moz-do-not-send="true" href="tel:%28510%29%20642-4313" value="+15106424313" target="_blank">(510) 642-4313 fax

[hidden email]



 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.


 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] Will UC alert employees with Blue Shield that PII is compromised??

Nils Ohlson
Hello Jon,

I think we're still at the stage of needing information more widely spread, not confined. Once attack vectors or mitigation measures are discussed, that would have to be a Security list discussion. But I don't think that's likely to come up in this discussion, since the attack was all off-site.

-Nils

On Thu, Feb 5, 2015 at 4:12 PM, Jon Johnsen <[hidden email]> wrote:
Depending on the kinds of data involved, some of this discussion might better confined to the ucb-security list, as Michael Sinatra suggested.  Or even off-line.

Jon Johnsen, another (ex) Coordinator
Richmond, CA


On 2/5/2015 3:16 PM, Nils Ohlson wrote:
Dear Micronetters,

If anyone questions my using Micronet for this topic feel free to criticize, but I know NO OTHER forum dealing with this or related issues, and this is a data-breach affecting UC employees, so I think this fits under the Micronet tent.

NEWS:
I just called Blue Shield Concierge and they told me that only Blue Cross was affected; NOT Blue Shield. Sounded good.

HOWEVER
when I look at the website at 
Anthemfacts.com./faq
I get a different answer:

Did this impact all lines of Anthem Business?

Yes, all product lines are impacted.

Is my (plan/brand) impacted?

The impacted (plan/brand) include Anthem Blue Cross, Anthem Blue Cross and Blue Shield, Blue Cross and Blue Shield of Georgia, Empire Blue Cross and Blue Shield, Amerigroup, Caremore, Unicare, Healthlink, and DeCare.

​Doesn't sound to me like "no, Blue Shield was not affected".

CSS replied promptly to my ​ticket to say that Anthem is going to inform people; it's basically a version of what Anthemfacts says. It sounds like Campus authorities have NOT been informed what's really going on and are relying on what is parceled out to them. I would hope that senior management would take it upon themselves to make sure that Anthem is giving them, and us, all the information we need to protect our identities.

-Nils


On Thu, Feb 5, 2015 at 2:42 PM, Ian Crew <[hidden email]> wrote:
One of my friends just pointed me to the following article which my post about Credit Security Freezes won’t help.  Apparently Medical Identity Theft is also a thing these days.  The article does provide some suggestions for guarding yourself against that sort of thing:


Cheers,

Ian

On Feb 5, 2015, at 11:01 AM, Ian Crew <[hidden email]> wrote:

I’m not sure about the notification process, but one thing that’s given me and my wife a bunch of comfort in this age of security breaches is to have a security freeze on our accounts with the credit reporting agencies.  See attached for a little thing I wrote about Security Freezes a while back, to try to encourage my friends to sign up.

Cheers,

Ian

<Security Freezes write-up.rtf>

On Feb 5, 2015, at 10:14 AM, Nils Ohlson <[hidden email]> wrote:

Does anyone know if UC is planning on informing employees and retirees with Blue Shield UC Care and other Anthem health-care, that their personally identifiable information may have been compromised in yesterdays breach of Anthem? Anthem is saying it could take weeks to notify people:


Anyone have more info? I am very concerned about the possibility of identity theft, as SSN's and DOB's are in the information that was compromised, and Anthem's timeline is very long.

-Nils

--
Nils Ohlson
Administrative Analyst
U.C. Berkeley College of Chemistry
Business Office
410 Latimer Hall #1460
Berkeley, CA 94720-1460

<a href="tel:%28510%29%20642-1325" value="+15106421325" target="_blank">(510) 642-1325 phone
<a href="tel:%28510%29%20642-4313" value="+15106424313" target="_blank">(510) 642-4313 fax

[hidden email]


-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.

___
Ian Crew

IST-Architecture, Platforms and Integration (API)
Earl Warren Hall, Second Floor
University of California, Berkeley


___
Ian Crew

IST-Architecture, Platforms and Integration (API)
Earl Warren Hall, Second Floor
University of California, Berkeley



-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.




--
Nils Ohlson
Administrative Analyst
U.C. Berkeley College of Chemistry
Business Office
410 Latimer Hall #1460
Berkeley, CA 94720-1460

<a href="tel:%28510%29%20642-1325" value="+15106421325" target="_blank">(510) 642-1325 phone
<a href="tel:%28510%29%20642-4313" value="+15106424313" target="_blank">(510) 642-4313 fax

[hidden email]



 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.



-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.




--
Nils Ohlson
Administrative Analyst
U.C. Berkeley College of Chemistry
Business Office
410 Latimer Hall #1460
Berkeley, CA 94720-1460

(510) 642-1325 phone
(510) 642-4313 fax

[hidden email]


 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] Will UC alert employees with Blue Shield that PII is compromised??

Michael Sinatra-3
In reply to this post by Jon Johnsen-3
Since most (all?) of the information we're discussing is already public,
this probably doesn't need to go to ucb-security, although I certainly
wouldn't object

I think this could go either way.  It is a security related topic, but
the discussion is based on public information.  Micronet is a fine venue
for public information sharing, so it could really be either.

michael

On 02/05/2015 16:12, Jon Johnsen wrote:

> Depending on the kinds of data involved, some of this discussion might
> better confined to the ucb-security list, as Michael Sinatra suggested.
> Or even off-line.
>
> *Jon Johnsen, another (ex) Coordinator
> Richmond, CA*
>
> On 2/5/2015 3:16 PM, Nils Ohlson wrote:
>> Dear Micronetters,
>>
>> If anyone questions my using Micronet for this topic feel free to
>> criticize, but I know NO OTHER forum dealing with this or related
>> issues, and this is a data-breach affecting UC employees, so I think
>> this fits under the Micronet tent.
>>
>> NEWS:
>> I just called Blue Shield Concierge and they told me that only Blue
>> Cross was affected; NOT Blue Shield. Sounded good.
>>
>> HOWEVER
>> when I look at the website at
>> Anthemfacts.com./faq
>> I get a different answer:
>>
>>
>>       Did this impact all lines of Anthem Business?
>>
>> Yes, all product lines are impacted.
>>
>>
>>       Is my (plan/brand) impacted?
>>
>> The impacted (plan/brand) include Anthem Blue Cross, Anthem Blue Cross
>> and Blue Shield, Blue Cross and Blue Shield of Georgia, Empire Blue
>> Cross and Blue Shield, Amerigroup, Caremore, Unicare, Healthlink, and
>> DeCare.
>>
>> ​Doesn't sound to me like "no, Blue Shield was not affected".
>>
>> CSS replied promptly to my ​ticket to say that Anthem is going to
>> inform people; it's basically a version of what Anthemfacts says. It
>> sounds like Campus authorities have NOT been informed what's really
>> going on and are relying on what is parceled out to them. I would hope
>> that senior management would take it upon themselves to make sure that
>> Anthem is giving them, and us, all the information we need to protect
>> our identities.
>>
>> -Nils
>>
>>
>> On Thu, Feb 5, 2015 at 2:42 PM, Ian Crew <[hidden email]
>> <mailto:[hidden email]>> wrote:
>>
>>     One of my friends just pointed me to the following article which
>>     my post about Credit Security Freezes won’t help.  Apparently
>>     Medical Identity Theft is also a thing these days.  The article
>>     does provide some suggestions for guarding yourself against that
>>     sort of thing:
>>
>>     http://www.nbcnews.com/tech/security/anthem-hack-credit-monitoring-wont-catch-medical-identity-theft-n300836
>>
>>     Cheers,
>>
>>     Ian
>>
>>>     On Feb 5, 2015, at 11:01 AM, Ian Crew <[hidden email]
>>>     <mailto:[hidden email]>> wrote:
>>>
>>>     I’m not sure about the notification process, but one thing that’s
>>>     given me and my wife a bunch of comfort in this age of security
>>>     breaches is to have a security freeze on our accounts with the
>>>     credit reporting agencies.  See attached for a little thing I
>>>     wrote about Security Freezes a while back, to try to encourage my
>>>     friends to sign up.
>>>
>>>     Cheers,
>>>
>>>     Ian
>>>
>>>     <Security Freezes write-up.rtf>
>>>
>>>>     On Feb 5, 2015, at 10:14 AM, Nils Ohlson <[hidden email]
>>>>     <mailto:[hidden email]>> wrote:
>>>>
>>>>     Does anyone know if UC is planning on informing employees and
>>>>     retirees with Blue Shield UC Care and other Anthem health-care,
>>>>     that their personally identifiable information may have been
>>>>     compromised in yesterdays breach of Anthem? Anthem is saying it
>>>>     could take weeks to notify people:
>>>>
>>>>     Data Breach FAQ's from Anthem <http://www.anthemfacts.com./>
>>>>
>>>>     Anyone have more info? I am very concerned about the possibility
>>>>     of identity theft, as SSN's and DOB's are in the information
>>>>     that was compromised, and Anthem's timeline is very long.
>>>>
>>>>     -Nils
>>>>
>>>>     --
>>>>     Nils Ohlson
>>>>     Administrative Analyst
>>>>     U.C. Berkeley College of Chemistry
>>>>     Business Office
>>>>     410 Latimer Hall #1460
>>>>     Berkeley, CA 94720-1460
>>>>
>>>>     (510) 642-1325 <tel:%28510%29%20642-1325> phone
>>>>     (510) 642-4313 <tel:%28510%29%20642-4313> fax
>>>>
>>>>     [hidden email] <mailto:[hidden email]>
>>>>
>>>>
>>>>     -------------------------------------------------------------------------
>>>>     The following was automatically added to this message by the
>>>>     list server:
>>>>
>>>>     To learn more about Micronet, including how to subscribe to or
>>>>     unsubscribe from its mailing list and how to find out about
>>>>     upcoming meetings, please visit the Micronet Web site:
>>>>
>>>>     http://micronet.berkeley.edu <http://micronet.berkeley.edu/>
>>>>
>>>>     Messages you send to this mailing list are public and
>>>>     world-viewable, and the list's archives can be browsed and
>>>>     searched on the Internet.  This means these messages can be
>>>>     viewed by (among others) your bosses, prospective employers, and
>>>>     people who have known you in the past.
>>>
>>>     ___
>>>     Ian Crew
>>>
>>>     IST-Architecture, Platforms and Integration (API)
>>>     Earl Warren Hall, Second Floor
>>>     University of California, Berkeley
>>>
>>
>>     ___
>>     Ian Crew
>>
>>     IST-Architecture, Platforms and Integration (API)
>>     Earl Warren Hall, Second Floor
>>     University of California, Berkeley
>>
>>
>>
>>     -------------------------------------------------------------------------
>>     The following was automatically added to this message by the list
>>     server:
>>
>>     To learn more about Micronet, including how to subscribe to or
>>     unsubscribe from its mailing list and how to find out about
>>     upcoming meetings, please visit the Micronet Web site:
>>
>>     http://micronet.berkeley.edu
>>
>>     Messages you send to this mailing list are public and
>>     world-viewable, and the list's archives can be browsed and
>>     searched on the Internet.  This means these messages can be viewed
>>     by (among others) your bosses, prospective employers, and people
>>     who have known you in the past.
>>
>>
>>
>>
>> --
>> Nils Ohlson
>> Administrative Analyst
>> U.C. Berkeley College of Chemistry
>> Business Office
>> 410 Latimer Hall #1460
>> Berkeley, CA 94720-1460
>>
>> (510) 642-1325 <tel:%28510%29%20642-1325> phone
>> (510) 642-4313 <tel:%28510%29%20642-4313> fax
>>
>> [hidden email] <mailto:[hidden email]>
>>
>>
>>
>>  
>> -------------------------------------------------------------------------
>> The following was automatically added to this message by the list server:
>>
>> To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:
>>
>> http://micronet.berkeley.edu
>>
>> Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
>
>
>
>  
> -------------------------------------------------------------------------
> The following was automatically added to this message by the list server:
>
> To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:
>
> http://micronet.berkeley.edu
>
> Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
>


 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] Will UC alert employees with Blue Shield that PII is compromised??

Steve Masover

On Fri, Feb 6, 2015 at 3:30 PM, Michael Sinatra <[hidden email]> wrote:
Since most (all?) of the information we're discussing is already public,
this probably doesn't need to go to ucb-security, although I certainly
wouldn't object

I think this could go either way.  It is a security related topic, but
the discussion is based on public information.  Micronet is a fine venue
for public information sharing, so it could really be either.

michael

On 02/05/2015 16:12, Jon Johnsen wrote:
> Depending on the kinds of data involved, some of this discussion might
> better confined to the ucb-security list, as Michael Sinatra suggested.
> Or even off-line.
>
> *Jon Johnsen, another (ex) Coordinator
> Richmond, CA*
>
> On 2/5/2015 3:16 PM, Nils Ohlson wrote:
>> Dear Micronetters,
>>
>> If anyone questions my using Micronet for this topic feel free to
>> criticize, but I know NO OTHER forum dealing with this or related
>> issues, and this is a data-breach affecting UC employees, so I think
>> this fits under the Micronet tent.
>>
>> NEWS:
>> I just called Blue Shield Concierge and they told me that only Blue
>> Cross was affected; NOT Blue Shield. Sounded good.
>>
>> HOWEVER
>> when I look at the website at
>> Anthemfacts.com./faq
>> I get a different answer:
>>
>>
>>       Did this impact all lines of Anthem Business?
>>
>> Yes, all product lines are impacted.
>>
>>
>>       Is my (plan/brand) impacted?
>>
>> The impacted (plan/brand) include Anthem Blue Cross, Anthem Blue Cross
>> and Blue Shield, Blue Cross and Blue Shield of Georgia, Empire Blue
>> Cross and Blue Shield, Amerigroup, Caremore, Unicare, Healthlink, and
>> DeCare.
>>
>> ​Doesn't sound to me like "no, Blue Shield was not affected".
>>
>> CSS replied promptly to my ​ticket to say that Anthem is going to
>> inform people; it's basically a version of what Anthemfacts says. It
>> sounds like Campus authorities have NOT been informed what's really
>> going on and are relying on what is parceled out to them. I would hope
>> that senior management would take it upon themselves to make sure that
>> Anthem is giving them, and us, all the information we need to protect
>> our identities.
>>
>> -Nils
>>
>>
>> On Thu, Feb 5, 2015 at 2:42 PM, Ian Crew <[hidden email]
>> <mailto:[hidden email]>> wrote:
>>
>>     One of my friends just pointed me to the following article which
>>     my post about Credit Security Freezes won’t help.  Apparently
>>     Medical Identity Theft is also a thing these days.  The article
>>     does provide some suggestions for guarding yourself against that
>>     sort of thing:
>>
>>     http://www.nbcnews.com/tech/security/anthem-hack-credit-monitoring-wont-catch-medical-identity-theft-n300836
>>
>>     Cheers,
>>
>>     Ian
>>
>>>     On Feb 5, 2015, at 11:01 AM, Ian Crew <[hidden email]
>>>     <mailto:[hidden email]>> wrote:
>>>
>>>     I’m not sure about the notification process, but one thing that’s
>>>     given me and my wife a bunch of comfort in this age of security
>>>     breaches is to have a security freeze on our accounts with the
>>>     credit reporting agencies.  See attached for a little thing I
>>>     wrote about Security Freezes a while back, to try to encourage my
>>>     friends to sign up.
>>>
>>>     Cheers,
>>>
>>>     Ian
>>>
>>>     <Security Freezes write-up.rtf>
>>>
>>>>     On Feb 5, 2015, at 10:14 AM, Nils Ohlson <[hidden email]
>>>>     <mailto:[hidden email]>> wrote:
>>>>
>>>>     Does anyone know if UC is planning on informing employees and
>>>>     retirees with Blue Shield UC Care and other Anthem health-care,
>>>>     that their personally identifiable information may have been
>>>>     compromised in yesterdays breach of Anthem? Anthem is saying it
>>>>     could take weeks to notify people:
>>>>
>>>>     Data Breach FAQ's from Anthem <http://www.anthemfacts.com./>
>>>>
>>>>     Anyone have more info? I am very concerned about the possibility
>>>>     of identity theft, as SSN's and DOB's are in the information
>>>>     that was compromised, and Anthem's timeline is very long.
>>>>
>>>>     -Nils
>>>>
>>>>     --
>>>>     Nils Ohlson
>>>>     Administrative Analyst
>>>>     U.C. Berkeley College of Chemistry
>>>>     Business Office
>>>>     410 Latimer Hall #1460
>>>>     Berkeley, CA 94720-1460
>>>>
>>>>     <a href="tel:%28510%29%20642-1325" value="+15106421325">(510) 642-1325 <tel:%28510%29%20642-1325> phone
>>>>     <a href="tel:%28510%29%20642-4313" value="+15106424313">(510) 642-4313 <tel:%28510%29%20642-4313> fax
>>>>
>>>>     [hidden email] <mailto:[hidden email]>
>>>>
>>>>
>>>>     -------------------------------------------------------------------------
>>>>     The following was automatically added to this message by the
>>>>     list server:
>>>>
>>>>     To learn more about Micronet, including how to subscribe to or
>>>>     unsubscribe from its mailing list and how to find out about
>>>>     upcoming meetings, please visit the Micronet Web site:
>>>>
>>>>     http://micronet.berkeley.edu <http://micronet.berkeley.edu/>
>>>>
>>>>     Messages you send to this mailing list are public and
>>>>     world-viewable, and the list's archives can be browsed and
>>>>     searched on the Internet.  This means these messages can be
>>>>     viewed by (among others) your bosses, prospective employers, and
>>>>     people who have known you in the past.
>>>
>>>     ___
>>>     Ian Crew
>>>
>>>     IST-Architecture, Platforms and Integration (API)
>>>     Earl Warren Hall, Second Floor
>>>     University of California, Berkeley
>>>
>>
>>     ___
>>     Ian Crew
>>
>>     IST-Architecture, Platforms and Integration (API)
>>     Earl Warren Hall, Second Floor
>>     University of California, Berkeley
>>
>>
>>
>>     -------------------------------------------------------------------------
>>     The following was automatically added to this message by the list
>>     server:
>>
>>     To learn more about Micronet, including how to subscribe to or
>>     unsubscribe from its mailing list and how to find out about
>>     upcoming meetings, please visit the Micronet Web site:
>>
>>     http://micronet.berkeley.edu
>>
>>     Messages you send to this mailing list are public and
>>     world-viewable, and the list's archives can be browsed and
>>     searched on the Internet.  This means these messages can be viewed
>>     by (among others) your bosses, prospective employers, and people
>>     who have known you in the past.
>>
>>
>>
>>
>> --
>> Nils Ohlson
>> Administrative Analyst
>> U.C. Berkeley College of Chemistry
>> Business Office
>> 410 Latimer Hall #1460
>> Berkeley, CA 94720-1460
>>
>> <a href="tel:%28510%29%20642-1325" value="+15106421325">(510) 642-1325 <tel:%28510%29%20642-1325> phone
>> <a href="tel:%28510%29%20642-4313" value="+15106424313">(510) 642-4313 <tel:%28510%29%20642-4313> fax
>>
>> [hidden email] <mailto:[hidden email]>
>>
>>
>>
>>
>> -------------------------------------------------------------------------
>> The following was automatically added to this message by the list server:
>>
>> To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:
>>
>> http://micronet.berkeley.edu
>>
>> Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
>
>
>
>
> -------------------------------------------------------------------------
> The following was automatically added to this message by the list server:
>
> To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:
>
> http://micronet.berkeley.edu
>
> Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
>



-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.



--
Steve Masover
Research Information Technology (Research IT)
510-642-8488

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] Will UC alert employees with Blue Shield that PII is compromised??

Michael Sinatra-3
In reply to this post by Jeffrey KREUTZEN
On 02/05/2015 16:12, Jeffrey KREUTZEN wrote:
>  http://ucnet.universityofcalifornia.edu/news/2015/02/important-information-for-former-anthem-members-about-recent-cyber-attack.html

WARNING: This is a long email, with largely speculative musings.  If you
don't fancy such a thing, please delete this message now, and accept my
apologies for wasting bits.

I was intrigued by the first paragraph:


As many of you have heard in the news, Anthem, Inc. disclosed today
(Feb. 4, 2015) that the health insurer was the target of a *very
sophisticated* external cyber attack and that data for its 80 million
members was accessed. This potentially includes information about UC
students, faculty, staff and retirees, as well as their dependents.

[emphasis added]

Now it's prediction time: Many people are predicting random stuff about
2015 and information security.  People are saying stuff like, there
will/won't be acts of cyber-war committed, etc.  The prediction I would
make, were I qualified to do so, is more subtle.

Many of the recent attacks that we have seen (Sony, Target, Anthem) have
been "very sophisticated."  In 2015, it will be time to finally
recognize that "very sophisticated" attacks, aka APTs, are the new
normal.  And my prediction is that people will recognize this.  That
means that everyone's worst-case scenario becomes worse than before, and
the "likely" scenario starts to look more like the worst-case scenario.
 This drastically changes the accounting equations, as the security
component (either cleaning up after messes like Anthem, Sony, etc. or
trying to prevent them) becomes much more expensive.  It also changes
the calculus for IT in general.  Far from being magic pixie dust that
solves all efficiency problems and reduces costs, IT might start to look
like a money pit.  My own worst-case scenario is that it looks like
black magic, as I mentioned in my Micronet presentation.

"Whether to put something on the Internet" will no longer be a
no-brainer.  SCADA systems will be completely air-gapped, but it may go
way beyond that.  It may start out that the new security awareness leads
to more requirements, which increase costs.  At what point is someone in
a position of power going to start wondering where all that money is
going and why the new "requirements" are so expensive?  The initial
response will be a knee-jerk reaction to outsource, except that the
security requirements for outsourcing will be more complicated and that,
coupled with integration costs, will drive outsourcing costs through the
roof.  So at some point, someone in power may throw up their hands and
say "let's see what we can turn off" and they will be ruthless about it.
 It's also likely that new IT projects will have a much harder time
getting off the ground.

Like most predictions, I am probably wrong.  But I'll keep the fantasy
going with one more logical stretch: Is it possible that we'll see a
small non-sectarian college somewhere begin to use a *lack* of
"wiredness" as an advertising campaign?  If colleges and universities
have to dump even more money into IT, people will start to ask if IT is
making our students smarter.  To again use my favorite quote from
Durkheim: "Nothing is less certain."

The one place where we can still make an argument for IT is on the
research side, where IT can really save money and the security issues
might be *somewhat* more tractable.  But we, as part of the research and
education IT community, will still need to work hard to evangelize
because people will no longer accept "IT saves money" as an article of
faith.  We'll need to work hard to prevent throwing the baby out with
the bathwater, but we'll probably also need to work hard to actually
throw out the bathwater.

If you have read this far, thanks for indulging me, and feel free to
send me some of your predictions.  If you don't want to reply to the
list, just reply to me.

Happy Friday.
michael

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] Will UC alert employees with Blue Shield that PII is compromised??

Lisa McNeilly
In reply to this post by Steve Masover
I just got sent the below information about this:


***

UCOP has a website with info about the hack of Anthem, which serves as a health insurer for UC.  Potentially more alarmingly, someone has followed the hack with a phishing scam that uses the Anthem logo in an email and offers (fake) security monitoring.  See info below, which is copied from the UCOP page.


[intro from web page]

Editor's note: On Feb. 6, Anthem notified UC of a phishing scam related to the cyber attack. The phishing scam, which uses Anthem’s logoPDF, includes an offer to sign up for a year of credit card protection. If you receive this or a similar email, do not respond to or click on any links.  Anthem is not calling or emailing members.

As many of you have heard in the news, Anthem, Inc. disclosed today (Feb. 5, 2015) that the health insurer was the target of a very sophisticated external cyber attack and that data for its 80 million members was accessed. This potentially includes information about UC students, faculty, staff and retirees, as well as their dependents.





Lisa McNeilly
Director of Sustainability and Energy
University of California, Berkeley

203 A&E, MC 1382
Berkeley, CA  94720-1382
(510) 643-5907

On Fri, Feb 6, 2015 at 3:37 PM, Steve MASOVER <[hidden email]> wrote:

On Fri, Feb 6, 2015 at 3:30 PM, Michael Sinatra <[hidden email]> wrote:
Since most (all?) of the information we're discussing is already public,
this probably doesn't need to go to ucb-security, although I certainly
wouldn't object

I think this could go either way.  It is a security related topic, but
the discussion is based on public information.  Micronet is a fine venue
for public information sharing, so it could really be either.

michael

On 02/05/2015 16:12, Jon Johnsen wrote:
> Depending on the kinds of data involved, some of this discussion might
> better confined to the ucb-security list, as Michael Sinatra suggested.
> Or even off-line.
>
> *Jon Johnsen, another (ex) Coordinator
> Richmond, CA*
>
> On 2/5/2015 3:16 PM, Nils Ohlson wrote:
>> Dear Micronetters,
>>
>> If anyone questions my using Micronet for this topic feel free to
>> criticize, but I know NO OTHER forum dealing with this or related
>> issues, and this is a data-breach affecting UC employees, so I think
>> this fits under the Micronet tent.
>>
>> NEWS:
>> I just called Blue Shield Concierge and they told me that only Blue
>> Cross was affected; NOT Blue Shield. Sounded good.
>>
>> HOWEVER
>> when I look at the website at
>> Anthemfacts.com./faq
>> I get a different answer:
>>
>>
>>       Did this impact all lines of Anthem Business?
>>
>> Yes, all product lines are impacted.
>>
>>
>>       Is my (plan/brand) impacted?
>>
>> The impacted (plan/brand) include Anthem Blue Cross, Anthem Blue Cross
>> and Blue Shield, Blue Cross and Blue Shield of Georgia, Empire Blue
>> Cross and Blue Shield, Amerigroup, Caremore, Unicare, Healthlink, and
>> DeCare.
>>
>> ​Doesn't sound to me like "no, Blue Shield was not affected".
>>
>> CSS replied promptly to my ​ticket to say that Anthem is going to
>> inform people; it's basically a version of what Anthemfacts says. It
>> sounds like Campus authorities have NOT been informed what's really
>> going on and are relying on what is parceled out to them. I would hope
>> that senior management would take it upon themselves to make sure that
>> Anthem is giving them, and us, all the information we need to protect
>> our identities.
>>
>> -Nils
>>
>>
>> On Thu, Feb 5, 2015 at 2:42 PM, Ian Crew <[hidden email]
>> <mailto:[hidden email]>> wrote:
>>
>>     One of my friends just pointed me to the following article which
>>     my post about Credit Security Freezes won’t help.  Apparently
>>     Medical Identity Theft is also a thing these days.  The article
>>     does provide some suggestions for guarding yourself against that
>>     sort of thing:
>>
>>     http://www.nbcnews.com/tech/security/anthem-hack-credit-monitoring-wont-catch-medical-identity-theft-n300836
>>
>>     Cheers,
>>
>>     Ian
>>
>>>     On Feb 5, 2015, at 11:01 AM, Ian Crew <[hidden email]
>>>     <mailto:[hidden email]>> wrote:
>>>
>>>     I’m not sure about the notification process, but one thing that’s
>>>     given me and my wife a bunch of comfort in this age of security
>>>     breaches is to have a security freeze on our accounts with the
>>>     credit reporting agencies.  See attached for a little thing I
>>>     wrote about Security Freezes a while back, to try to encourage my
>>>     friends to sign up.
>>>
>>>     Cheers,
>>>
>>>     Ian
>>>
>>>     <Security Freezes write-up.rtf>
>>>
>>>>     On Feb 5, 2015, at 10:14 AM, Nils Ohlson <[hidden email]
>>>>     <mailto:[hidden email]>> wrote:
>>>>
>>>>     Does anyone know if UC is planning on informing employees and
>>>>     retirees with Blue Shield UC Care and other Anthem health-care,
>>>>     that their personally identifiable information may have been
>>>>     compromised in yesterdays breach of Anthem? Anthem is saying it
>>>>     could take weeks to notify people:
>>>>
>>>>     Data Breach FAQ's from Anthem <http://www.anthemfacts.com./>
>>>>
>>>>     Anyone have more info? I am very concerned about the possibility
>>>>     of identity theft, as SSN's and DOB's are in the information
>>>>     that was compromised, and Anthem's timeline is very long.
>>>>
>>>>     -Nils
>>>>
>>>>     --
>>>>     Nils Ohlson
>>>>     Administrative Analyst
>>>>     U.C. Berkeley College of Chemistry
>>>>     Business Office
>>>>     410 Latimer Hall #1460
>>>>     Berkeley, CA 94720-1460
>>>>
>>>>     <a href="tel:%28510%29%20642-1325" value="+15106421325" target="_blank">(510) 642-1325 <tel:%28510%29%20642-1325> phone
>>>>     <a href="tel:%28510%29%20642-4313" value="+15106424313" target="_blank">(510) 642-4313 <tel:%28510%29%20642-4313> fax
>>>>
>>>>     [hidden email] <mailto:[hidden email]>
>>>>
>>>>
>>>>     -------------------------------------------------------------------------
>>>>     The following was automatically added to this message by the
>>>>     list server:
>>>>
>>>>     To learn more about Micronet, including how to subscribe to or
>>>>     unsubscribe from its mailing list and how to find out about
>>>>     upcoming meetings, please visit the Micronet Web site:
>>>>
>>>>     http://micronet.berkeley.edu <http://micronet.berkeley.edu/>
>>>>
>>>>     Messages you send to this mailing list are public and
>>>>     world-viewable, and the list's archives can be browsed and
>>>>     searched on the Internet.  This means these messages can be
>>>>     viewed by (among others) your bosses, prospective employers, and
>>>>     people who have known you in the past.
>>>
>>>     ___
>>>     Ian Crew
>>>
>>>     IST-Architecture, Platforms and Integration (API)
>>>     Earl Warren Hall, Second Floor
>>>     University of California, Berkeley
>>>
>>
>>     ___
>>     Ian Crew
>>
>>     IST-Architecture, Platforms and Integration (API)
>>     Earl Warren Hall, Second Floor
>>     University of California, Berkeley
>>
>>
>>
>>     -------------------------------------------------------------------------
>>     The following was automatically added to this message by the list
>>     server:
>>
>>     To learn more about Micronet, including how to subscribe to or
>>     unsubscribe from its mailing list and how to find out about
>>     upcoming meetings, please visit the Micronet Web site:
>>
>>     http://micronet.berkeley.edu
>>
>>     Messages you send to this mailing list are public and
>>     world-viewable, and the list's archives can be browsed and
>>     searched on the Internet.  This means these messages can be viewed
>>     by (among others) your bosses, prospective employers, and people
>>     who have known you in the past.
>>
>>
>>
>>
>> --
>> Nils Ohlson
>> Administrative Analyst
>> U.C. Berkeley College of Chemistry
>> Business Office
>> 410 Latimer Hall #1460
>> Berkeley, CA 94720-1460
>>
>> <a href="tel:%28510%29%20642-1325" value="+15106421325" target="_blank">(510) 642-1325 <tel:%28510%29%20642-1325> phone
>> <a href="tel:%28510%29%20642-4313" value="+15106424313" target="_blank">(510) 642-4313 <tel:%28510%29%20642-4313> fax
>>
>> [hidden email] <mailto:[hidden email]>
>>
>>
>>
>>
>> -------------------------------------------------------------------------
>> The following was automatically added to this message by the list server:
>>
>> To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:
>>
>> http://micronet.berkeley.edu
>>
>> Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
>
>
>
>
> -------------------------------------------------------------------------
> The following was automatically added to this message by the list server:
>
> To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:
>
> http://micronet.berkeley.edu
>
> Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
>



-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.



--
Steve Masover
Research Information Technology (Research IT)
<a href="tel:510-642-8488" value="+15106428488" target="_blank">510-642-8488


-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.



 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] Will UC alert employees with Blue Shield that PII is compromised??

paul rivers
In reply to this post by Michael Sinatra-3
On 02/06/2015 04:08 PM, Michael Sinatra wrote:
[Stuff snipped]
> Like most predictions, I am probably wrong.  But I'll keep the fantasy
> going with one more logical stretch: Is it possible that we'll see a
> small non-sectarian college somewhere begin to use a *lack* of
> "wiredness" as an advertising campaign?  If colleges and universities
> have to dump even more money into IT, people will start to ask if IT is
> making our students smarter.  To again use my favorite quote from
> Durkheim: "Nothing is less certain."

I would hope that such a campus would have the panache to hire Edward
James Olmos as a spokesperson. Advertising posters would feature a
picture of Campus (perhaps with a battlestar faintly visible in the sky
above), with a stern Admiral Adama looking at you, arms crossed, with
"Not on my campus" in block letters beneath. The cylons are indeed
everywhere, and they are very crafty with those firewalls.

Regards,
Paul



 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.