Clues Suggest Anthem’s 80 Mil. Records Stolen by the Chinese

The relatively long period of quiet without a major data breach ended on Wednesday with the announcement that Anthem Inc., the second largest health insurer in the U.S., has suffered a massive data breach.

The word massive is not to be underestimated in this case: over 80 million Anthem customers had their personal information, including social security numbers, exposed. Affected affiliated companies include Anthem Blue Cross, Anthem Blue Cross and Blue Shield, Blue Cross and Blue Shield of Georgia, Empire Blue Cross and Blue Shield, Amerigroup, Caremore, Unicare, Healthlink, and DeCare.

“Anthem Blue Cross was the target of a very sophisticated external cyber attack. These attackers gained unauthorized access to Anthem’s IT system and have obtained personal information from our current and former members such as their names, birthdays, medical IDs/social security numbers, street addresses, email addresses and employment information, including income data. Based on what we know now, there is no evidence that credit card or medical information (such as claims, test results or diagnostic codes) were targeted or compromised,” stated the company in an email.

The company will provide free credit monitoring and identity protection services to affected customers. According to the CEO, he is himself one of the victims, along with other Anthem employees whose information was stolen.

Today KrebsOnSecurity published an investigation into the matter and reports a growing suspicion that the attack originated in China and was state-sponsored. In fact, the FBI has already identified a potential hacker group behind the attack: Deep Panda. The Deep Panda group has been monitored for over three years by CrowdStrike, a company specializing in attributing nation-state-level attacks. According to CrowdStrike, the Deep Panda group is known to have used Adobe Flash exploits to infiltrate networks. (The recent series of Adobe Flash updates might be related to this activity as well.) Dave Damato of Mandiant, the cybersecurity firm called in to investigate the attack, said: “I can confirm that [attackers] were using different custom back-doors that are not publicly available. That is one indication that it is an advanced attack.”

Deep Panda is a very advanced group that targets “critical and strategic business verticals including: government, defense, financial, legal, and the telecommunications industries.” It is believed that the Anthem breach was a way for the attackers to gain access to information about a select group of people, including defense contractors, government employees, and other valuable targets.