China linked to Anthem attack

The massive hack attack on health insurer Anthem's database that compromised information for 78.8 million consumers has been connected to the Chinese government, the Washington Post has reported.

Software used in the attack, the largest known breach to date in the healthcare industry, is a match for software from China used in a previous attempted attack on Reston, Virginia-based defense contractor VAE, according to Rich Barger, chief intelligence officer of cybersecurity firm ThreatConnect. Barger called the digital signature used in both instances "precise."

In the VAE incident, which took place last year, the attempted breach was traced because hackers used the same computer server for their break-in as one used to host a hacking competition co-sponsored by a Nanjing-based university and a Beijing-based defense contractor. The attempted breach may have been part of the competition, according to Barger.

China has already denied having any role in the attack, although a hack attack discovered last August on Franklin, Tennessee-based Community Health Services--which operates 206 hospitals in 29 states--also was linked to China.

In the wake of the attack, hospital providers and health payers are speaking out on what they are doing to prevent data breaches, as well as what they should be doing.

Breaches of protected health information increased more than 25 percent from 2013 to 2014, according to a recently published analysis by IT security assessment company Redspin. Similarly, the Ponemon Institute recently determined that medical identity theft incidents rose more than 20 percent in fiscal year 2014 compared to the year prior. Of 49,000 U.S. adults surveyed for the report, 68 percent indicated that they are not confident in their healthcare providers' security measures.

To learn more:
- here's the Washington Post article