Attackers backed by a foreign government were behind the attack that hit health insurance company Anthem in 2015, a breach that compromised the information of more than 78 million people, according to the findings of an investigation into the attack.
The Anthem data breach is one of the larger health care-related incidents ever in the United States and it has cost the company $260 million so far in technology improvements, credit monitoring, and other expenses. Anthem officials discovered the breach in January 2015 and disclosed it publicly the following month. The attack began, as many such incidents do, with a spearphishing email, which an employee of one of Anthem’s subsidiaries opened. That led to the installation of malware on the employee’s machine, and the attacker then moved on to compromise at least 90 other computers in the organization, according to the report.
Anthem hired security firm CrowdStrike to investigate the intrusion, and the California Department of Insurance conducted an analysis of the event, as well. The analysts came to the conclusion that operators from a foreign government had initiated the attack. The report does not specify which government was involved, however.
“This was one of the largest cyber hacks of an insurance company’s customer data,” said California Insurance Commissioner Dave Jones. “Insurers have an obligation to make sure consumers’ health and financial information is protected. Insurance commissioners required Anthem to take a series of steps to improve its cybersecurity and provide credit protection for consumers affected by the breach. In this case, our examination team concluded with a significant degree of confidence that the cyber attacker was acting on behalf of a foreign government. Insurers and regulators alone cannot stop foreign government assisted cyber attacks. The United States government needs to take steps to prevent and hold foreign governments and other foreign actors accountable for cyber attacks on insurers, much as the President did in response to Russian government sponsored cyber hacking in our recent presidential election.”
The Anthem breach affected 78.8 million people, including 12 million minors. The California investigation found that Anthem had reasonable security measures in place before the breach, as well as a breach response plan, which the company activated quickly after the intrusion.
“The team determined with a high degree of confidence the identity of the attacker and concluded with a medium degree of confidence that the attacker was acting on behalf of a foreign government. Notably, the exam team also advised that previous attacks associated with this foreign government have not resulted in personal information being transferred to non-state actors,” the insurance report says.
Image: Matthew Hurst, CC By-Sa license.