China May be Behind Anthem Cyber Attack

Published February 6, 2015

By Thursday Review staff


It may turn out to be the largest cyber-attack on an insurance provider in U.S. history. Last week, hackers broke into the computer network at Anthem Incorporated and made off with the personal information of more than 80 million customers and employees. Among the data stolen: full names, Social Security numbers, home addresses, landline phone numbers, cell numbers, and email addresses. Hackers may have also gained access to employee records such as income and benefits. Anthem says there is no evidence that the hackers gained access to actual medical records, prescription information, payment information, or credit card numbers, but the theft of such a massive trove of other personal data has sent shockwaves through the U.S. and has some law enforcement officials worried about a new wave of identity theft.

Within hours of the breach, hackers and criminals were advertising their desire to gain access to the information—especially names, Social Security numbers and email addresses.

Some news agencies are reporting that the FBI and other law enforcement officials believe this cyber-attack may have been orchestrated by China. The FBI and other agencies are investigating, and have said that the Anthem attack may be part of a systematic campaign by China—or some other foreign country—to compile a database of personal information on public and government employees, military contractors, law enforcement, and members of the banking and finance industries. The goal? The ability to use incriminating information as a form of leverage—i.e. electronically confront an individual with incriminating or embarrassing information in exchange for even more valuable data in the area of finance, technology or defense.

The email addresses alone—coupled with basic personal data such as an address, phone, birthdate or Social Security number—can be valuable in what is known as “phishing,” the process of generating phony emails using what appear to be legitimate details, thus encouraging the email recipient to respond, often with passwords and other data. If such a tactic works on a person’s home computer, it can result in stolen identities or stolen cash and assets. If such a scheme works in the office, however, a phishing attack can give a hacker access to an entire company’s computer network, corporate files, financial data, and proprietary information.

In other words, one successful hack can pave the way almost immediately to more cyber-attacks spread across a variety of networks, and the cost can escalate geometrically.

That’s why the Anthem cyber-attack has law enforcement and security experts worried. Unlike the data breaches at Target, Michaels and Home Depot, which were garden-variety hacks—cyber-criminals in search of credit card numbers and debit card numbers for a fast return—the Anthem attack indicates that hackers, probably in the employ of foreign governments and foreign espionage units, are hunting for bigger game.

That the Chinese government or military may be behind some of the most recent attacks, including the cyber assault on Anthem, is contentious diplomatically. China has officially declared that it knows nothing of any attempts to intrude on U.S. business or government websites or databases. But carefully managed “sting” operations conducted at computer security firms and at several universities have shown that the first attacks or intrusions into “honeypot” computers and file servers often come from internet protocol addresses in China. Other major cyber-attacks, however, have been attributed to countries other than China; for example, the JPMorgan data breach, which some law enforcement officials say originated with hackers in Russia. And then there is the case of the Sony Pictures Entertainment cyber-attack, one of the largest in history, officially attributed to North Korea (though there are those who doubt Pyongyang could have pulled off such a complicated heist).

Chinese hackers may have been behind the massive breach of Community Health Systems, Inc, the nation’s second-largest hospital and clinic chain with 35,000 beds in 206 hospitals, and the steward of the medical and health records of more than 4.5 million Americans and Canadians.

And though President Barack Obama and White House spokespersons promised a proportional response against North Korea for its role in the Sony Pictures cyber-attack, it is not clear precisely what the United States can do to counterstrike against hackers without—as some have pointed out—setting in motion a cycle of escalating assaults and counter-assaults.

Anthem, which includes much of the Blue Cross Blue Shield health care and insurance network in some 35 states, provides insurance and health coverage to more than 80 million people. Since Anthem operates as the umbrella organization for scores of other health providers and insurance firms, many Americans may not realize that their personal information has been compromised. Security experts suggest that the first prudent step any U.S. citizen can take is to check with their health care provider to determine if it falls under the coverage of Anthem, the parent company of brands like Community Insurance Company (Ohio) and Rocky Mountain Hospital & Medical Service (Nevada).

The breach was first detected about ten days ago, at which time Anthem says it contacted the FBI and other law enforcement agencies. On Wednesday the company acknowledged for the first time that its data had been breached by hackers. Among other steps, Anthem has secured the services of Mandiant, the same cyber-sleuth firm used by Sony Pictures to investigate its data breach in December.

According to some media reports, Anthem will send out letters to millions of its members within the next two weeks explaining the nature of the cyber-attack and outlining what those customers should expect. The letters may also suggest certain steps for its members to take to avoid problems with identity theft or security issues.

According to USA Today, the health care industry in the United States and Canada has experienced the largest and most severe data breaches of any segment of the economy, and cyber-attacks have now affected nearly half of all health care companies in the United States.

The Anthem website was updated today to include a message from President and CEO Joseph R. Swedish, explaining to patients, customers and employees the nature and the depth of the cyber-attack.

“Anthem was the target of a very sophisticated external cyber attack,” Swedish wrote. “These attackers gained unauthorized access to Anthem’s IT system and have obtained personal information from our current and former members.”

“Once the attack was discovered,” he writes later in the statement, “Anthem immediately made every effort to close the security vulnerability, contacted the FBI and began fully cooperating with their investigation.”
