A breach at Conduent, a third-party business process outsourcing vendor, exposed a subset of Anthem Blue Cross Blue Shield member data via unauthorized access to Conduent-held systems, not Anthem’s direct infrastructure. The specific attack vector, data types, and affected individual count have not been publicly disclosed by either organization, limiting technical scoping. Organizations with Conduent vendor relationships should immediately verify whether their data was in scope, conduct a HIPAA breach risk assessment with legal counsel, and review Business Associate Agreement notification SLA compliance.