We are actively reaching out to Anthem, insurance providers and other attorneys general to determine the extent of the breach in Massachusetts,’’ and the circumstances behind it, Healey said in a statement.

Anthem, part of the Blue Cross Blue Shield federation, sells insurance in more than a dozen states, but Blue Cross Blue Shield of Massachusetts is a separate, independently run entity, said spokeswoman Sharon Torgerson. “If we find out our members are impacted, we will communicate and take appropriate, timely action,” she said.

The hackers may have simply been probing Anthem’s defenses and planning to return with a much larger attack, said Eran Barak, chief executive of cybersecurity company Hexadite.

Other experts caution that the hackers may have indeed made off with medical data, but Anthem has not discovered that yet.

Criminals who get Social Security or health insurance account numbers have shown more sophistication than the average fraudster, said Pam Dixon, executive director of the World Privacy Forum. Rather than use the information right away, she said, some crooks will sit on Social Security or insurance files for a year or more before using them fraudulently.

‘‘What they like to do is season the data for a time, to allow the credit monitoring subscription to expire, and wait until people get sloppy or complacent’’ about monitoring their accounts for fraud, she said.

Health data also commands a higher price than credit card accounts in the marketplace for stolen information, said Al Pascual, a senior analyst at Javelin Strategy & Research.

‘A health record has everything.’

Al Pascual, Javelin Strategy & Research analyst, on the appeal of medical files over credit card numbers for cyber thieves, a financial research firm

He estimated last fall that a medical record might fetch $50, while credit card information may be worth $5.

‘‘A health record has everything — financial account information, Social Security number, health information.’’