Not Surprised
I use a different email address with each company I deal with; so if I ever get spammed, I know whose customer database got leaked. In mid-December, 2014, the special address I use for Anthem and the state health exchange started getting weird emails. They claimed to be either Anthem or the exchange (or their representative), but all the links went to strange domains.
Anthem could not tell me whether they were subcontractors (running surveys, etc.) or scammers using leaked email addresses. These emails had all the hallmarks of the latter. Even if they were the former, I would consider sharing my email address with marketroids to be a HIPAA privacy violation.
When the breach was announced a couple of evenings ago, my first thought was "Finally, they noticed."