Details emerge in Anthem hack

The healthcare industry, which lags behind others when it comes to cybersecurity, now faces what is shaping up to be the largest breach of healthcare data in history. 

Hackers broke into health insurer Anthem's database, obtaining the personal information of about 80 million consumers, including names, birth dates, addresses, email addresses, employment information and Social Security/member identification numbers.

Members' Social Security numbers were not encrypted, according to a Wall Street Journal article that cites an anonymous source familiar with the breach. Encrypting the information would have made it more difficult for hackers to access and sell, according to the article. 

The company believes a hacker group used a stolen employee password to access the database, the article said.

Who's behind the attack?

The perpetrators are not yet known, although an FBI-led investigation is underway. There's speculation that a Chinese state-sponsored hacker group might be behind the breach, according to a Bloomberg article, which also cites anonymous sources.

"The attack appears to follow a pattern of thefts of medical data by foreigners seeking a pathway into the personal lives and computers of a select group," the article said.

China has denied having anything to do with the attack, according to an article in the Bangkok Post--foreign ministry spokesman Hong Lei called the accusations "groundless."

Who else may be impacted?

Anthem's plans and brands include Anthem Blue Cross, Anthem Blue Cross and Blue Shield, Blue Cross and Blue Shield of Georgia, Empire Blue Cross and Blue Shield, Amerigroup, Caremore, Unicare, Healthlink and DeCare.

However, no indicators of compromise were found in other organizations across the industry, meaning this attack was targeted specifically at Anthem, according to a Health Information Trust Alliance (HITRUST) alert emailed to FierceHealthIT. The suspicious activity on Anthem's network shared various indicators of compromise, according to HITRUST, including MD5 hashes, IP addresses and threat actor email addresses.

What steps is Anthem taking?

The insurance company has on its website a list of frequently asked questions regarding the breach.

In addition, when the attack was discovered, on Jan. 29, the company alerted the FBI and contracted cybersecurity firm Mandiant, according to a statement from Anthem CEO Joseph Swedish.

"Anthem's own associates' personal information--including my own--was accessed during this security breach. We join you in your concern and frustration, and I assure you that we are working around the clock to do everything we can to further secure your data," Swedish said.

However, Anthem did recieve praise from HITRUST for its ability to detect the breach and take action.

"We believe that Anthem's adoption of strong information security controls, comprehensive assessment process, participation in cyberpreparedness exercises and cyberthreat information sharing were crucial in their ability to detect, analyze, remediate and collaborate swiftly and effectively," the organization said.

But even so, Anthem will most likely face a bevy of lawsuits from consumers. A California woman on Thursday was the first to do so, accusing the health insurer of failing to properly secure and protect its customers' personal information, according to another Bloomberg article.

Now what?

It is likely this attack--shaping up to be the biggest in the healthcare industry's history--will create waves in regards to the vital importance of active security practices at industries throughout the U.S.

Late last month, President Barack Obama touted cybersecurity as one of his top priorities in his State of the Union address.

Lawmakers are already voicing their anger at the breach. House Energy and Commerce Committee Chairman Fred Upton (R-Mich.) said it is now "not a matter of if [businesses] will be infiltrated, but when," according to an article at The Hill.

Upton said his committee will receive a briefing from Anthem on the attack and hold further hearings on cyberattack.

To learn more:
- read the WSJ article
- check out the Bloomberg article
- here's the report