News Feature | January 23, 2017

2015 Anthem Data Breach Has Been Tied To Foreign Government

By Christine Kern, contributing writer

Anthem to pay $260 million to close IT security gaps in wake of findings.

The 2015 Anthem data breach is a watershed event for healthcare cybersecurity. Likely the largest healthcare data hack to date, it created a ripple effect that swept through healthcare, raising concerns about the safety and security of personal information as well as demands for legislation requiring encryption of all health records. All told, the Anthem data breach exposed the account information of as many as 80 million customers.

Now, investigators believe a foreign government may have instigated the Anthem attack, though they declined to identify the hackers or the foreign government. Earlier speculation pointed to the Chinese conducting the attack to learn how the U.S. healthcare system operated. According to FierceHealthcare, security experts made the connection to China based on the software used in the cyberattack. Software company Symantec traced the attack to a cyberespionage group known as Black Vine, which includes actors connected to a Beijing-based IT security firm.

The California Department of Insurance issued a press release regarding the latest findings from cybersecurity firm CrowdStrike, which says it has identified the hackers with “high confidence” and has “medium confidence” they were indeed working for a foreign government, according to a report released by California Insurance Commissioner Dave Jones.

“Insurers have an obligation to make sure consumers’ health and financial information is protected,” Jones says. “Insurance commissioners required Anthem to take a series of steps to improve its cybersecurity and provide credit protection for consumers affected by the breach. In this case, our examination team concluded with a significant degree of confidence that the cyber attacker was acting on behalf of a foreign government. Insurers and regulators alone cannot stop foreign government assisted cyber attacks. The United States government needs to take steps to prevent and hold foreign governments and other foreign actors accountable for cyber attacks on insurers, much as the President did in response to Russian government sponsored cyber hacking in our recent presidential election.”

Federal law enforcement officials requested Jones not identify the foreign government due to an ongoing investigation, said Madison Voss, a spokeswoman for the insurance department. Previous attacks by that same government have not resulted in personal information being sent to non-governmental entities, CrowdStrike said in its report.

CrowdStrike investigators found hackers broke into Anthem’s database in February 2014 using a phishing email, evading multiple layers of security. Anthem is now investing $260 million to patch vulnerabilities in its IT security network. California insurance commissioners found Anthem’s security shortfalls were not atypical for a company its size and thus refrained from issuing fines or other punishments.