Foreign government suspected in Anthem cyber security breach

The California Department of Insurance has released its findings and settlement agreement in regards to the security breach of the insurance company Anthem. More than 78 million patient records, 12 million belonging to minors, were breached Jan. 27, 2015.

"This was one of the largest cyber hacks of an insurance company's customer data," said California Insurance Commissioner Dave Jones. "Insurers have an obligation to make sure consumers' health and financial information is protected. Insurance commissioners required Anthem to take a series of steps to improve its cybersecurity and provide credit protection for consumers affected by the breach. In this case, our examination team concluded with a significant degree of confidence that the cyber attacker was acting on behalf of a foreign government. Insurers and regulators alone cannot stop foreign government assisted cyber-attacks."

Anthem’s examination team, which partnered with information security firm Mandiant, found the data breach began Feb. 14, 2014, when a user at an Anthem subsidiary opened a corrupted phishing email. The email then allowed the hacker(s) to download malicious files onto the user’s computer, giving hackers access to 90 other Anthem systems that included Anthem’s data warehouse.

In an investigation of Anthem’s pre-breach preparedness, response adequacy and post-breach response and actions, cybersecurity firms found that Anthem had taken appropriate measures before the breach in protecting its data. The team also determined Anthem had integrated a proper plan post-breach, which led to a quick response to the detected breach. The investigative team was able to find Anthem’s weaknesses and develop a plan to fix these weaknesses. As a result, the new plan was found to be reasonable in its data protection.

The team also discovered the origin of the attacker was on behalf of a foreign government. The exam team advised that previous attacks from this foreign county have not resulted in information being shared to non-state actors.

In addition to making improvements to its information security systems, Anthem has also provided credit protection to consumers whose information was breached and is paying more than $260 million for security improvements and remedial actions following the breach. Anthem is also offering credit protection to all minors under 18 following the breach.

""
Cara Livernois, News Writer

Cara joined TriMed Media in 2016 and is currently a Senior Writer for Clinical Innovation & Technology. Originating from Detroit, Michigan, she holds a Bachelors in Health Communications from Grand Valley State University.

Around the web

Cardiovascular devices are more likely to be in a Class I recall than any other device type. The FDA's approval process appears to be at least partially responsible, though the agency is working to make some serious changes. We spoke to a researcher who has been tracking these data for years to learn more. 

Updated compensation data includes good news for multiple subspecialties. The new report also examines private equity's impact on employment models and how much male cardiologists earn compared to females.

When drugs are on the FDA’s shortage list, outsourcing facilities can produce their own compounded versions. When the FDA removed tirzepatide from that list with no warning, it created a considerable amount of chaos both behind the scenes and in pharmacies all over the country. 

Trimed Popup
Trimed Popup