Microsoft recently announced the MS14-066 Schannel security flaw. Schannel is used by Windows client and server operating systems. Aetna has thoroughly assessed our systems. We do not believe that any of our systems or customer data has been compromised as a result.
We have patched all internal and external systems. We’ll continue to monitor our systems to protect our member, plan sponsor and provider data. We also have remediation plans in place, so we can quickly address any issues we find. Finally, we worked with all suppliers and vendors to assure that their systems are protected.
The recently announced “Heartbleed” vulnerability impacts a piece of software known as OpenSSL – a common software package used to assure the secure communication of data across the internet.
Like many organizations, Aetna has been working diligently to assess the impact of Heartbleed on our customers and information systems. To date we have determined that our core customer-serving and external facing systems are not impacted.
We have also instituted remediation plans to assure that we quickly address any vulnerable systems, should they be identified. We will take other precautions as necessary to protect customer data. In addition to assessing our own infrastructure, we are diligently evaluating third-party vendor appliances and applications that may be impacted. We will work closely with any impacted vendors to monitor remediation of the vulnerability.
We initiated these proactive steps following the announcement of this vulnerability on April 7.
Aetna has become aware of impostors who are calling people – often multiple times a day – and fraudulently claiming to be from Aetna. The calls may be from an automated service that repeatedly dials a number or from a live person. These calls are not being placed by, or at the direction of, Aetna.
By falsely claiming to represent Aetna, one of our companies or any other reputable company, these scam artists want to trick you into (a) sharing personal information that they will use to later steal from you; or (b) giving them money for promised goods or services that you will never receive. This form of fraud is called "phishing" and it is illegal.
What to do with a suspicious call
If you have any suspicions about a call or caller –
A suspicious number
One suspicious telephone number that has come to our attention is 571-441-0062. That number is not from Aetna or any vendor working for Aetna.
Spoofing Your Number
Aetna also has received reports that legitimate business owners have received calls from scam artists purporting to represent Aetna. Thereafter, the telephone number of that legitimate business starts cropping up on the caller IDs of other people who then receive calls from these same apparent scam artists. The technology to fake a caller ID is called "spoofing," and it is a way to disguise the source of the incoming call.
Aetna does not "spoof" the numbers of our customers or potential customers. If your number has been spoofed, report it to the local fraud unit of your telephone company and the Federal Trade Commission.
If You Think You've Been Scammed
If you believe you are a victim of a phishing scam, act quickly. Contact your financial institution immediately to report your suspicions. In many instances, you can ask your financial institution to impose a password protection to prevent the unauthorized release of funds. If necessary, report any loss of funds to your bank, the police, and the Federal Trade Commission.
Legitimate Aetna Calls
Aetna complies with the law when making calls to our members and business associates. We may need more information about a claim, for example, or we may be reaching out as part of our care management programs. If you are uneasy giving information to someone who says they are from Aetna – don’t. Instead, call the Member Services number on your ID card. Ask to have your call directed to the department asking for the information. That way, you can be sure you are giving the information to Aetna.
Want to know more about protecting your identity? Here’s another resource.