Skip to content Skip to navigation

California Dept. of Insurance: Anthem Breach Caused by Foreign Nation

January 11, 2017
by Rajiv Leventhal
| Reprints

Examination findings from the 2015 cybersecurity breach of health insurance giant Anthem Inc., which compromised 78.8 million consumers' records, have revealed that very likely, “the cyber attacker was acting on behalf of a foreign government,” according to the California Department of Insurance.

The cyber breach was first discovered by Anthem on Jan. 27, 2015. In early February 2015, Anthem and its affiliates announced the company had suffered a major breach, which compromised 78.8 million consumer records, including records of at least 12 million minors.

An investigation by the insurance commissioners' examination team and a separate internal investigation by Mandiant, an information security firm hired by Anthem, revealed the data breach began on Feb. 18, 2014, when a user within one of Anthem's subsidiaries opened a phishing email containing malicious content. Opening the email permitted the download of malicious files to the user's computer and allowed hackers to gain remote access to that computer and at least 90 other systems within the Anthem enterprise, including Anthem's data warehouse.

Anthem agreed to make a number of enhancements to its information security systems, and also agreed to provide credit protection to all consumers whose information was compromised. Anthem is paying more than $260 million dollars for security improvements and remedial actions in response to this breach. California Insurance Commissioner Dave Jones was one of seven insurance commissioners leading the national investigation of the Anthem cyber breach.

"This was one of the largest cyber hacks of an insurance company's customer data," Jones said in a statement last week. "Insurers have an obligation to make sure consumers' health and financial information is protected. Insurance commissioners required Anthem to take a series of steps to improve its cybersecurity and provide credit protection for consumers affected by the breach.”

Jones added, “In this case, our examination team concluded with a significant degree of confidence that the cyber attacker was acting on behalf of a foreign government. Insurers and regulators alone cannot stop foreign government assisted cyber attacks. The United States government needs to take steps to prevent and hold foreign governments and other foreign actors accountable for cyber attacks on insurers, much as the President did in response to Russian government sponsored cyber hacking in our recent presidential election.”

The lead insurance commissioners employed an examination team composed of the cybersecurity firm CrowdStrike and Alvarez & Marsal Insurance and Risk Advisory Services, LLC. The team focused its investigation on Anthem's pre-breach response preparedness, the company's response adequacy at the time of the breach, and their post-breach response and corrective actions.

The team found Anthem had taken reasonable measures prior to the data breach to protect its data and employed a remediation plan resulting in a rapid and effective response to the breach once it was discovered. The team noted Anthem's exploitable vulnerabilities, worked with Anthem to develop a plan to address those vulnerabilities, and conducted a penetration test exercise to validate the strength of Anthem's corrective measures. As a result, the team found Anthem's improvements to its cybersecurity protocols and planned improvements were reasonable.

The team determined with a high degree of confidence the identity of the attacker and concluded with a medium degree of confidence that the attacker was acting on behalf of a foreign government. Notably, the exam team also advised that previous attacks associated with this foreign government have not resulted in personal information being transferred to non-state actors.

Get the latest information on Cybersecurity and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More

Topics

News

New York Presbyterian Brooklyn Methodist Revalidated as EMRAM Stage 7

Due to its use of RFID technology to improve patient care and outcomes, New York Presbyterian Brooklyn Methodist Hospital (NYPBMH) has received acute care Stage 7 revalidation on the HIMSS Analytics Electronic Medical Record Adoption Model (EMRAM).

Dana Alexander Named 2016 HIMSS Nursing Informatics Leadership Award Winner

Dana Alexander, R.N., has been named the recipient of the 2016 HIMSS-ANI Nursing Informatics Leadership Award, a joint award sponsored by Alliance for Nursing Informatics (ANI) and HIMSS.

Agency Leadership Update: Collins Stays at NIH, Bindman Leaves AHRQ

As President-elect Donald Trump is sworn in as the United States’ 45th president at noon today, there has been an ongoing administration shuffle as agency leaders have stepped down as part of the presidential transition.

Reports: Indiana Cancer Services Agency Hacked, Won’t Pay Ransom

Earlier this month, Cancer Services of East Central Indiana- Little Red Door’s terminal server and backup drive were hacked by cybercriminal TheDarkOverlord, leading to a ransom demand that the cancer services facility will not pay, according to media reports.

Insurer to Pay $2.2M HIPAA Settlement for Disclosure of Unsecured ePHI

MAPFRE Life Insurance Company of Puerto Rico has agreed to settle potential noncompliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules by paying $2.2 million.

Avoidable Hospitalizations among LTC Residents Drops by 31 Percent

A data brief from the Centers for Medicare & Medicaid Services (CMS) has revealed that avoidable hospitalizations among long-term care facility residents has dropped by about 31 percent since 2010.