Massive breach at health care company

http://www.usatoday.com/story/tech/2015/02/04/health-care-anthem-hacked/22900925/

It was expected that hackers would turn to targeting health company data in 2015. It seems that this has already started on a large scale with this incident.


16 Comments

  1. Tomi Engdahl says:

    Massive breach at health care company Anthem Inc.
    http://www.usatoday.com/story/tech/2015/02/04/health-care-anthem-hacked/22900925/

    SAN FRANCISCO – As many as 80 million customers of the nation’s second-largest health insurance company, Anthem Inc., have had their account information stolen, the company said in a statement.

    “Anthem was the target of a very sophisticated external cyber attack,”

    The hackers gained access to Anthem’s computer system and got information including names, birthdays, medical IDs, Social Security numbers, street addresses, e-mail addresses and employment information, including income data, Swedish said.

    The affected database had records for approximately 80 million people in it, “but we are still investigating to determine how many were impacted. At this point we believe it was tens of millions,” said Cindy Wakefield, an Anthem spokeswoman.

    That would make it “the largest health care breach to date,”

    Because no actual medical information appears to have been stolen, the breach would not come under HIPAA rules, the 1996 Health Insurance Portability and Accountability Act, which governs the confidentiality and security of medical information.

    No credit card information was obtained, the company said in a statement e-mailed to USA TODAY.

    Anthem has contacted the FBI and is working with Mandiant

    “The Anthem insurance company breach is another in a long line of breaches that continue to have a deep and disheartening effect on consumer behavior and the smooth flow of commerce both here at home and worldwide,” said Rep. Bennie Thompson, D-Miss., ranking member of the Committee on Homeland Security.

  2. Tomi Engdahl says:

    Bloomberg Business:
    Signs of China-Sponsored Hackers Seen in Anthem Attack — (Bloomberg) — Investigators of Anthem Inc.’s data breach are pursuing evidence that points to Chinese state-sponsored hackers who are stealing personal information from health-care companies for purposes other than pure profit, according to three people familiar with the probe.

    Chinese State-Sponsored Hackers Suspected in Anthem Attack
    http://www.bloomberg.com/news/articles/2015-02-05/signs-of-china-sponsored-hackers-seen-in-anthem-attack

    (Bloomberg) — Investigators of Anthem Inc.’s data breach are pursuing evidence that points to Chinese state-sponsored hackers who are stealing personal information from health-care companies for purposes other than pure profit, according to three people familiar with the probe.

    The breach, which exposed Social Security numbers and other sensitive details of 80 million customers, is one of the biggest thefts of medical-related customer data in U.S. history.

    The attack appears to follow a pattern of thefts of medical data by foreigners seeking a pathway into the personal lives and computers of a select group — defense contractors, government workers and others, according to a U.S. government official familiar with a more than year-long investigation into the evidence of a broader campaign.

    The Anthem theft follows breaches of companies including Target Corp., Home Depot Inc. and JPMorgan Chase & Co. that have touched the private data of hundreds of millions of Americans and increased pressure on the U.S. government to respond more forcefully.

    The Federal Bureau of Investigation is leading the investigation, according to Anthem, which has hired FireEye Inc., a Milpitas, California-based security company, to assist.

    Hackers could use stolen information — which Anthem said in its case included birthdates and e-mail addresses — to conduct “phishing” attacks on customers who unwittingly provide access to their companies’ networks.

    In the past year, Chinese-sponsored hackers have taken prescription drug and health records and other information that could be used to create profiles of possible spy targets, according to Adam Meyers, vice president of intelligence at Crowdstrike

    “This goes well beyond trying to access health-care records,” Meyers said. “If you have a rich database of proclivities, health concerns and other personal information, it looks, from a Chinese intelligence perspective, as a way to augment human collection.”

    A different major U.S. health insurer was breached recently by Chinese hackers, according to a person involved in that investigation

    “A lot of these healthcare companies have a lot of very trusted relationships at the network level and the corporate level to some very hard targets on the federal side and the commercial side,”

    “The healthcare environment is in an unfortunate position: It didn’t expect to be a high, heavy target five years ago, so they didn’t prepare,” Hindawi said. “They didn’t expect to have advanced threats from nation-state actors targeting them.”

    Like many other Chinese hacking campaigns, the attacks appear to serve multiple purposes — one commercial and the other related to national security — said one of the U.S. officials.

  3. Tomi Engdahl says:

    US health insurer Anthem hacked, 80 million records stolen
    http://thenextweb.com/insider/2015/02/05/us-medical-insurer-anthem-hacked-80-million-records-stolen/

    Anthem, the US’ second-largest health insurer, announced today that it was the victim of a cyber-attack last week, in which its database of about 80 million records — including names, birthdays and social security numbers — was compromised.

    Anthem reports that other personal member data like addresses, phone numbers, email addresses and employment information was also stolen. However, the company says that it has no evidence to show that credit card numbers, medical history, diagnosis or treatment data were exposed.

    President and CEO Joseph Swedish has promised that Anthem will contact all affected members whose information had been compromised, and provide them with free credit monitoring and identity protection services.

  4. Tomi Engdahl says:

    From the Desk
    of Joseph R. Swedish
    President and CEO Anthem, Inc.
    To Our Members,
    http://www.anthemfacts.com/

    Anthem was the target of a very sophisticated external cyber attack. Based on what we know now, there is no evidence that credit card or medical information were targeted or compromised.

    Safeguarding your personal, financial and medical information is one of our top priorities, and because of that, we have state-of-the-art information security systems to protect your data. However, despite our efforts, Anthem was the target of a very sophisticated external cyber attack. These attackers gained unauthorized access to Anthem’s IT system and have obtained personal information from our current and former members such as their names, birthdays, medical IDs/social security numbers, street addresses, email addresses and employment information, including income data. Based on what we know now, there is no evidence that credit card or medical information, such as claims, test results or diagnostic codes were targeted or compromised.

    Once the attack was discovered, Anthem immediately made every effort to close the security vulnerability, contacted the FBI and began fully cooperating with their investigation. Anthem has also retained Mandiant, one of the world’s leading cybersecurity firms, to evaluate our systems and identify solutions based on the evolving landscape.

    Anthem will individually notify current and former members whose information has been accessed. We will provide credit monitoring and identity protection services free of charge so that those who have been affected can have peace of mind.

  5. Tomi Engdahl says:

    This was a gigantic hack: slowly inching in

    The Anthem data theft (data on 80 million customers) seems to have been a long-term process.

    Security company Check Point has studied how the Anthem data breach was carried out. In its view, data was slowly pushed out of the company over several months in an advanced, discreet way.

    Anthem has said it got a hint of the attack last week, when an employee in the company’s IT management noticed that his username and password were being used to search the database.

    Initially, there was talk of modified malware, but the attack may have begun as early as three months earlier.

    “This is not surprising at all. When we gathered security data from more than 10 000 organizations worldwide for last year’s Check Point Security Report, 73 per cent of corporate networks had at least one bot infection at the time of the survey,” Check Point’s Nordic Regional Manager Örjan Westman says in the release.

    Bots go unnoticed because cybercriminals modify them with a special tool precisely so that traditional security programs do not recognize them.

    Source: http://www.tivi.fi/Kaikki_uutiset/2015-02-10/N%C3%A4in-tehtiin-j%C3%A4ttim%C3%A4inen-tietomurto-hitaasti-hivuttamalla-3215509.html

  6. Tomi Engdahl says:

    Victim of huge cyber attack did not encrypt customer data

    Health insurance company Anthem kept the personal data of its 80 million customers in an unencrypted database, according to The Wall Street Journal (WSJ).

    The law does not require health insurance companies to encrypt data, and storing information in plain text is also common practice in the field. Anthem representative Kristin Binns told the WSJ that information is encrypted only when it is moved into or out of the system.

    Of course, the fact that no such requirement exists does not mean that the data should not, logically, be encrypted in line with normal security practices.

    But it is not that simple, the WSJ writes. An informed source told the paper that encrypting the information would make it harder to process when it is shared with the health sector and state governments. In addition, data encryption might do no more than temporarily slow criminals down. The main problem is that the data could be stolen at all.

    Anthem believes that the intrusion used a stolen employee password.

    Source: http://www.itviikko.fi/uutiset/2015/02/09/valtavan-kyberiskun-uhri-ei-salannut-asiakastietoja/20151703/7?rss=8

    Health Insurer Anthem Didn’t Encrypt Data in Theft
    Companies Aren’t Required by Law to Scramble Records, and Often Don’t
    http://www.wsj.com/articles/investigators-eye-china-in-anthem-hack-1423167560

    Anthem Inc. stored the Social Security numbers of 80 million customers without encrypting them, the result of what a person familiar with the matter described as a difficult balancing act between protecting the information and making it useful.

  7. Tomi Engdahl says:

    Anthem Breach May Have Started in April 2014
    http://krebsonsecurity.com/2015/02/anthem-breach-may-have-started-in-april-2014/

    Analysis of open source information on the cybercriminal infrastructure likely used to siphon 80 million Social Security numbers and other sensitive data from health insurance giant Anthem suggests the attackers may have first gained a foothold in April 2014, nine months before the company says it discovered the intrusion.

    The Wall Street Journal reported last week that security experts involved in the ongoing forensics investigation into the breach say the servers and attack tools used in the attack on Anthem bear the hallmark of a state-sponsored Chinese cyber espionage group known by a number of names, including “Deep Panda,” “Axiom,” “Group 72,” and the “Shell_Crew,” to name but a few.

    In November 2014, Crowdstrike published a snapshot of a graphic showing the malware and malicious Internet servers used in what security experts at PriceWaterhouseCoopers dubbed the ScanBox Framework, a suite of tools that have been used to launch a number of cyber espionage attacks.

    particular address was until very recently the home for a very interesting domain: we11point.com. The third and fourth characters in that domain name are the numeral one, but it appears that whoever registered the domain was attempting to make it look like “Wellpoint,” the former name of Anthem before the company changed its corporate name in late 2014.

    We11point[dot]com was registered on April 21, 2014 to a bulk domain registration service in China. Eight minutes later, someone changed the site’s registration records to remove any trace of a connection to China.

    “We were able to verify that the evil we11point infrastructure is constructed to masquerade as legitimate Wellpoint infrastructure,” Barger said.

    Interestingly, that extcitrix.we11point[dot]com domain, first put online on April 22, 2014, was referenced in a malware scan from a malicious file that someone uploaded to malware scanning service Virustotal.com.

    As noted in a story in HealthITSecurity.com, Anthem has been sharing information about the attack with the Health Information Trust Alliance (HITRUST) and the National Health Information Sharing and Analysis Center (NH-ISAC), industry groups whose mission is to disseminate information about cyber threats to the healthcare industry.

    But a variety of data points suggest that the same infrastructure used to attack Anthem may have been leveraged against a Reston, Va.-based information technology firm that primarily serves the Department of Defense.

    ANALYSIS

    Of course, it could well be that this is all a strange coincidence, and/or that the basic information on Deep Panda is flawed. But that seems unlikely given the number of connections and patterns emerging in just this small data set.

    It’s remarkable that the security industry so seldom learns from past mistakes. For example, one of the more confounding and long-running problems in the field of malware detection and prevention is the proliferation of varying names for the same threat. We’re seeing this once again with the nicknames assigned to various cyberespionage groups (see the second paragraph of this story for examples).

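The masquerade described in the Krebs excerpt above (we11point for Wellpoint, with the numeral one standing in for the letter l) can be caught by reducing each hostname label to a "skeleton" before comparing it with protected brand names. This is an added example, not part of the original post or comments; the substitution table, the `anthem` label, the log format and the sample log lines are assumptions constructed for illustration.

```python
"""Flag look-alike hostnames that imitate protected brand labels in DNS query logs."""
import re

# Brand labels to protect. "wellpoint" comes from the article; "anthem" is an
# assumed second label for the renamed company.
PROTECTED = ("wellpoint", "anthem")

# Assumed substitution table: sequences and characters often swapped in
# look-alike registrations. It is applied to BOTH sides of the comparison.
_MULTI = (("rn", "m"), ("vv", "w"))
_SINGLE = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s", "i": "l"})


def refang(host):
    """Undo common defanging ("[dot]", "[.]") and normalise case."""
    host = re.sub(r"\[(?:dot|\.)\]", ".", host.strip(), flags=re.I)
    return host.lower().rstrip(".")


def skeleton(token):
    """Collapse visually confusable characters to one canonical form."""
    for seq, repl in _MULTI:
        token = token.replace(seq, repl)
    return token.translate(_SINGLE)


def find_lookalikes(hostname, protected=PROTECTED):
    """Return (token, brand) pairs where a label or hyphen-separated token
    looks like a protected brand but is not spelled exactly like it."""
    targets = {skeleton(brand): brand for brand in protected}
    hits = []
    for label in refang(hostname).split("."):
        for token in label.split("-"):
            brand = targets.get(skeleton(token))
            if brand and token != brand:
                hits.append((token, brand))
    return hits


def scan(log_lines):
    """Scan 'timestamp client qname' lines; return one record per hit."""
    findings = []
    for line in log_lines:
        fields = line.split()
        if len(fields) != 3:  # skip blank or malformed lines
            continue
        timestamp, client, qname = fields
        for token, brand in find_lookalikes(qname):
            findings.append({"time": timestamp, "client": client,
                             "qname": refang(qname), "token": token,
                             "imitates": brand})
    return findings


# Constructed sample log. Only the we11point names appear in the article;
# timestamps, client addresses and the other hostnames are made up.
SAMPLE_LOG = """\
2015-01-05T10:00:01Z 10.0.0.5 www.wellpoint.com
2015-01-05T10:00:02Z 10.0.0.7 extcitrix.we11point[dot]com
2015-01-05T10:00:03Z 10.0.0.9 example.org
malformed line without enough fields
2015-01-05T10:00:04Z 10.0.0.9 login.anth3m-benefits.example
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG.splitlines()):
        print(finding)
```

The same skeleton comparison can be run over newly registered domain feeds or certificate transparency entries, so that a look-alike is noticed when it is registered rather than when it first shows up in internal DNS logs.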
  8. Tomi Engdahl says:

    Anthem says hackers had access to customer data back to 2004
    http://www.latimes.com/business/la-fi-anthem-data-breach-20150212-story.html

    Insurance giant Anthem Inc. said Thursday that hackers had access to customer data going back to 2004 as investigations continue into the massive breach.

    The nation’s second-largest health insurer disclosed the new time frame as it prepares to offer two years of free identity-theft protection to millions of affected consumers starting Friday.

    Anthem announced last week that hackers infiltrated one of its giant databases containing Social Security numbers, birth dates, addresses and other personal information of up to 80 million Americans across the country.

    The Indianapolis-based company said its internal investigation was ongoing and it hadn’t yet determined which customers might have been affected.

    “We appreciate the identity-protection services being put into place by Anthem, but reviewing the scope and implications of this event will be a long process,”

  9. Tomi Engdahl says:

    Cost of Anthem’s data breach likely to exceed $100 million
    http://www.cnet.com/news/cost-of-anthems-data-breach-likely-to-exceed-100-million/

    The US health-insurance provider’s own cyberinsurance policy is likely to be exhausted following the theft of up to 80 million records.

    The financial consequences of Anthem’s massive data breach could reach beyond the $100 million mark, according to reports.

    The US health-insurance provider’s own cyberinsurance policy covers losses of up to $100 million. However, when a company has up to 80 million current customers, former customers, employees and investors to notify, this amount may not be enough.

    According to Anthem CEO Joseph Swedish, the data stolen included client names, dates of birth, physical and email addresses, medical IDs and Social Security numbers. However, the company has said, there is no current evidence to suggest financial information or medical data — such as test results — were taken.

    According to industry news site Insurance Insider’s sources, Anthem’s cyberinsurance policy — written by AIG, Lexington, Safehold and Zurich, among others — could be exhausted due to the “costs of notifying the affected customers.” Anthem plans to notify every individual affected by the cyberattack and has also provided a hotline for those with questions.

    Swedish has called the data breach a “very sophisticated external cyberattack.”

  10. Tomi Engdahl says:

    Anthem hack raises fears about medical data
    http://www.latimes.com/business/la-fi-anthem-hack-fallout-20150206-story.html#page=1

    Insurance giant Anthem Inc. suffered a massive data breach exposing the personal information of up to 80 million Americans — and it could have been even worse for consumers.

    The hackers didn’t take sensitive medical information on patients or their credit card data, according to the company, even though it was stored alongside Social Security numbers and other personal information that were stolen.

    The intrusion is raising fresh questions about the ability of giant health insurers and other medical providers to safeguard the vast troves of electronic medical records and claims data they are stockpiling.

    All this comes at a time when Anthem is spearheading an ambitious effort to build a controversial database of medical records on 9 million Californians for use by hospitals and doctors.

    The federal government had put Anthem on notice in 2013 about its computer vulnerabilities, and last year the FBI warned healthcare companies about the growing threat of cyberattack on the industry.

    The hackers broke into one of Anthem’s databases sometime around early January, according to people familiar with the investigation. An Anthem employee noticed a large query running in the database on Jan. 27 using his log-in information and reported the suspicious activity.

    Two days later, an internal investigation verified that the company was a victim of a cyberattack, the company said, and federal authorities were alerted.

    The data breach extended across all of Anthem’s business, possibly affecting customers at large employers, individual policyholders and people enrolled in Medicaid managed-care plans. It also involved data on company employees.

    Anthem said it has doubled its spending on cybersecurity in the past four years and it has 200 employees dedicated to monitoring and safeguarding its networks.

    Consumer advocates said the issue of whether Anthem was largely at fault or the victim of a clever attack misses the point that no healthcare database is safe.

    “This thirst for more and more data from the medical industry inevitably places consumers’ health information at risk,” said Carmen Balber, executive director of Consumer Watchdog, a Santa Monica advocacy group. “It’s not fair to consumers for these companies to create one-stop shopping for data thieves.”

    This was not the first such slip-up by Anthem.

    In 2013, the company agreed to pay $1.7 million to resolve federal allegations that it exposed protected health information of 612,000 people online because of security weaknesses.

    “Anthem does not have a very good track record of protecting the information entrusted to them,”

    “From dealing with their IT system on the front end as a customer,” Winton said, “my impression is they don’t know what they are doing.”

    “Healthcare companies like Anthem have got to invest far more effort and resources in data security to regain public trust,” said Gerald Kominski, director of the UCLA Center for Health Policy Research.

  11. Tomi Engdahl says:

    Phishers Pounce on Anthem Breach
    http://krebsonsecurity.com/2015/02/phishers-pounce-on-anthem-breach/

    Phishers and phone fraudsters are capitalizing on public concern over a massive data breach announced this week at health insurance provider Anthem in a bid to steal financial and personal data from consumers.

    The flood of phishing scams was unleashed just hours after Anthem announced publicly that a “very sophisticated cyberattack” on its systems had compromised the Social Security information and other personal details on some 80 million Americans.

    According to Anthem, fraudsters also are busy perpetrating similar scams by cold-calling people via telephone.

    It is likely that these phishing and phone scams are random and opportunistic, but there is always the possibility that the data stolen from Anthem has fallen into the hands of scam artists.

    The company says it will begin sending notifications to affected consumers via snail mail in the coming weeks.

  12. Tomi Engdahl says:

    Millions of Children Exposed to ID Theft Through Anthem Breach
    http://www.nbcnews.com/business/personal-finance/millions-children-exposed-id-theft-through-anthem-breach-n308116

    Adults aren’t the only ones who can have their identity stolen.

    Tens of millions of American children had their Social Security numbers, date of birth and health care ID numbers stolen in the recent data breach at health insurance giant, Anthem Inc. This exposes these kids to the real risk of identity theft.

    “Every terrible outcome that can occur as the result of an identity theft will happen to the children who were on that database,” said Adam Levin, chairman and founder of IDentityTheft 911. “Criminals will use those stolen Social Security numbers to open accounts, get medical treatment, commit tax fraud, you name it.”

    “This is a watershed event,” Rohrbaugh said. “There is no other bulk acquisition of this much personal data – names, birthdates, addresses and Social Security numbers – that I am aware of in history.”

    And because the children’s information was linked to their parents’ data, it will make it much easier for cybercriminals to commit fraud against the parents as well, Rohrbaugh said.

    The Social Security number was never supposed to be used as a national identifier, but it’s become that. For an identity thief, that nine-digit number is the brass ring. It’s the skeleton key that unlocks your life.

    A child’s number is even more valuable. Here’s why: For most minors, their number is pristine – it’s never been used and is not yet associated with a credit file. That means there’s very little chance that the credit reporting agencies are monitoring it.

    So a criminal can take that stolen number, combine it with someone else’s name, address and birth date to create a fake ID

    “They will always take the child over the adult,” Abagnale told NBC News. “And the younger the child is the better, because they have longer to use that identity before someone finds out.”

    “Now it’s really all about detection,”

    The ITRC has prepared A Guide for Parents – Child Identity Theft Indicators

    ITRC Fact Sheet 120B
    Child Identity Theft Indicators:
    A Guide for Parents
    http://www.idtheftcenter.org/Fact-Sheets/fs-120b.html

  13. Tomi Engdahl says:

    Caroline Humer / Reuters:
    Anthem says breach may have also affected up to 18.8M Blue Cross Blue Shield customers — Anthem says at least 8.8 million non-customers could be victims in data hack
    http://www.reuters.com/article/2015/02/24/us-anthem-cybersecurity-idUSKBN0LS2CS20150224

    Health insurer Anthem Inc, which earlier this month reported that it was hit by a massive cyberbreach, said on Tuesday that 8.8 million to 18.8 million people who were not its customers could be victims in the attack.

    Anthem, the country’s second-largest health insurer, is part of a national network of independently run Blue Cross Blue Shield plans through which BCBS customers can receive medical services when they are in an area where BCBS is operated by a different company.

    It is those Blue Cross Blue Shield customers who were potentially affected because their records may be included in the database that was hacked, the company said.

    Security experts are warning that healthcare and insurance companies are especially vulnerable to cybercriminals who want to steal personal information to sell on the underground market.

    Anthem continued to estimate that tens of millions of customer records were stolen, rather than simply accessed.

  14. Tomi Engdahl says:

    Anthem Blocking Federal Auditor From Doing Vulnerability Scans
    http://it.slashdot.org/story/15/03/05/237236/anthem-blocking-federal-auditor-from-doing-vulnerability-scans

    Anthem Inc., the Indiana-based health insurer has informed a federal auditor, the Office of Personnel Management, that it will not permit vulnerability scans of its network — even after acknowledging that it was the victim of a massive breach that leaked data on tens of millions of patients. According to this article, Anthem is citing “company policy” that prohibits third party access to its network in declining to let auditors from OPM’s Office of the Inspector General (OIG) conduct scans for vulnerable systems.

    At Anthem: Where There’s Fire, There’s Smoke
    https://digitalguardian.com/blog/anthem-where-theres-fire-theres-smoke

    After losing 80 million patient records, Anthem Healthcare is refusing to have its network scanned for vulnerabilities by a federal auditor, raising questions about the health insurer’s internal practices.

    The saying goes “where there’s smoke, there’s fire.” But in the case of Indiana-based Anthem Inc., you might need to flip that adage around: “where there’s fire, there’s smoke.”

    That, after a federal auditor responsible for monitoring health insurers’ information security controls revealed this week that Anthem refused to allow it to scan its network for vulnerabilities, configuration problems and other issues in the wake of the breach.

    As reported by Healthcareinfosecurity, the Office of Personnel Management’s (OPM) Office of Inspector General, issued a statement saying that Anthem refused to allow the agency to perform “standard vulnerability scans and configuration compliance tests” this summer, as requested by the OIG. Worse: Anthem refused a similar request in 2013. In each case, Anthem cited “internal policies” that forbid outside access to its network as the reason for refusing to allow the vulnerability scans.

  15. Tomi Engdahl says:

    Shannon Pettypiece / Bloomberg Business:
    Report: Cyber attacks cost US healthcare system $6B annually; nearly 90% of healthcare providers were hit by breaches in the past two years

    Rising Cyber Attacks Costing Health System $6 Billion Annually
    http://www.bloomberg.com/news/articles/2015-05-07/rising-cyber-attacks-costing-health-system-6-billion-annually

    A rise in cyber attacks against doctors and hospitals is costing the U.S. health-care system $6 billion a year as organized criminals who once targeted retailers and financial firms increasingly go after medical records, security researchers say.

    Criminal attacks against health-care providers have more than doubled in the past five years, with the average data breach costing a hospital $2.1 million, according to a study today from the Ponemon Institute, a security research and consulting firm. Nearly 90 percent of health-care providers were hit by breaches in the past two years, half of them criminal in nature, the report found.

    While intrusions like ones exposing millions of consumers at health insurer Anthem Inc. and hospital operator Community Health Systems Inc. have increased risk awareness, most of their peers are still unprepared for sophisticated data attacks, security experts have said.

    “The health-care industry is being hunted and hacked by the elite financial criminal syndicates that had been targeting large financial institutions until they realized health-care databases are more valuable,”

    Thieves can use that information to take out a loan or open up a line of credit in the victim’s name, or for medical identity theft, where the victim’s insurance ID is used by an impostor seeking free medical care.

    About half of health-care organizations surveyed by Ponemon said they didn’t have sufficient technology to prevent or quickly detect a breach, or the personnel with the necessary technical expertise.

    “The organizations are getting better, but it is a slow-moving train,”

    The numbers this year are already in excess of last year’s, after hackers accessed almost 80 million records from Anthem and 11 million from the health insurer Premera Blue Cross.

    Data is resold on private forums that specialize in selling stolen credit cards or Social Security numbers, or on the dark web, where users’ identities are hidden and transactions are done anonymously in Bitcoins

  16. Tomi Engdahl says:

    Joseph Menn / Reuters:
    OPM hack employed rare tool also used in last year’s Anthem breach, which was tied to Chinese intelligence — U.S. employee data breach tied to Chinese intelligence — The Chinese hacking group suspected of stealing sensitive information about millions of current and former U.S. government employees …
    http://www.reuters.com/article/2015/06/19/us-usa-data-breach-idUSKBN0OZ20Z20150619
