Report: Anthem Breach Was Caused by a Foreign Government
CrowdStrike analysts determined the identity of the attacker, and concluded that the attacker was acting on a foreign government's behalf.
According to a recent report [PDF] from the California Department of Insurance, the massive 2015 breach at the health insurance company Anthem, which exposed 80 million customers' and employees' personal information, was caused by a cyber attack carried out on behalf of a foreign government.
The report was put together by an examination team from Alvarez & Marsal Insurance and Risk Advisory Services, LLC; Alvarez & Marsal Global Forensic and Dispute Services; and CrowdStrike Services, Inc.
"Examination Team members from CrowdStrike determined the identity of the Attacker with high confidence," the report states. "CrowdStrike also concluded with medium confidence that the Attacker was acting on behalf of a foreign government. In CrowdStrike's experience, attacks associated with this foreign government have not resulted in PII being transferred to non-state actors."
The report does not identify the foreign government believed to be responsible for the attack.
"The Attacker exploited weaknesses in Anthem's information security processes and technology to access and exfiltrate a large quantity of Anthem customer data," the report states. "Once the Data Breach was identified, Anthem responded quickly and effectively to the Attacker's presence in its network, fully removing the Attacker's access to the network within three days. While deficiencies within Anthem's cyber security posture were noted by the Examination Team, these deficiencies were not, in our experience, uncommon to companies comparable to Anthem in size and scope."
Michael Lipinski, CISO and chief security strategist at Securonix, told eSecurity Planet by email that the involvement of a nation state in the attack shouldn't really matter. "It's becoming an excuse to blame state actors on these breaches, almost removing blame for the victim," he said. "We need to do a better job defending against all types of attacks rather than accepting that if a state actor hacks you, it's ok."
"What can be done? Prudent use of technology to enhance the people and process aspect of the 'detect and respond' portion of an information security program needs to become a focus for all organizations," Lipinski added. "I would also like to see far more partnering between private and government sectors. I think the government could drive more information sharing efforts."
According to the results of a recent Black Book poll of 12,090 U.S. adults, 57 percent of respondents who had experiences with hospital, physician or ancillary provider technology in 2016 are skeptical of the overall benefits of health information technologies, mainly because of reports of data hacking and because of a perceived lack of privacy protection by providers.
Respondents expressed concern that their pharmacy prescriptions (90 percent), mental health notes (99 percent) and chronic condition data (81 percent) may be shared with retailers, employers and/or the government without their knowledge or consent.
As a result, 89 percent of respondents who had visited a healthcare provider in 2016 reported withholding health information during visits.
"This revelation should force cyber security solutions to the top of the technology priorities in 2017 to achieve tangible trust in big data dependability," Black Book president Douglas Brown said in a statement.