News Feature | November 30, 2015

FBI: Anthem Hack Was In The Name Of Education

Christine Kern

By Christine Kern, contributing writer

klfg

Last year’s Anthem Healthcare data breach provided a tremendous wake-up call for the healthcare industry about the dangers — and expense — of data breaches. According to Health IT Outcomes, it taught us that hackers are now on the lookout for soft targets, that improper access creates crucial security vulnerabilities, and that healthcare organizations need to employ technical, physical, and administrative safeguards to avoid future breaches.

The Anthem data breach, which was announced in February 2015, exposed the account information of as many as 80 million customers and had a ripple effect throughout healthcare, raising concerns about the safety and security of protected health information across the board, as Health IT Outcomes reported. The breach included 14 Anthem Plans and 42 non-Anthem Blue plans and exposed data including names, birth dates, Social Security numbers, and other personal information. Anthem reported individual medical or financial data did not appear to be affected.

But now, the FBI has announced that the Chinese hackers behind the breach may not have had the malicious intent to profit from the stolen data, as was supposed. In fact, federal investigators say the hack was designed to learn about the U.S. healthcare system and how it worked.

According to Fierce Health IT, security experts had already made the connection to China based on the software used in the cyberattack, while Software company Symantec traced the attack to a cyberespionage group known as Black Vine, which includes actors connected to a Beijing-based IT security firm.

According to MedCity News, investigators concluded the insurer had been hacked to help China improve its healthcare industry. Sources close to the investigation have reported the goal of the attack was to learn how other nations deal with medical care in order to improve the Chinese healthcare system.

While Anthem still could face fines and penalties as a result of the breach, now it may be more difficult to determine which standards to apply to companies that are victims of state-sponsored attacks.

The 2015 KPMG Healthcare Cybersecurity Survey found that 81 percent of healthcare executives reported that their organization has been the target of a cyberattack in the past two years.