Anthem Inc., one of the country's largest health insurance providers, announced last week that it had fallen victim to a data breach that exposed the personal data of as many as 80 million customers. The hack, one of the biggest involving medical-related information in U.S. history, compromised Social Security numbers, birth dates, names and addresses.
After investigators looked into the massive breach, there appeared to be evidence that it was perpetrated by state-sponsored hackers from China looking to do more than make a quick buck. The cyberattack follows a pattern similar to earlier thefts of medical information conducted by foreign actors looking for personal information about defense contractors, government workers and other privileged U.S. employees.
According to officials familiar with the investigation, China is an early suspect in the breach because the technical details of the attack seem to bear the fingerprints of a nation-state attack. While China has previously said that its agencies do not conduct espionage through hacking, the attack shares many similarities with previous hacks linked back to the country. The information gained by obtaining the Anthem records could easily be used to construct convincing phishing emails that trick victims into sharing sensitive information. Anthem insures the employees of a variety of government contractors, including Northrop Grumman Corporation and The Boeing Company. If an employee with classified defense documents on their computer was tricked into clicking on a link in a phishing email, privileged information could be unknowingly leaked.
Health insurance useful for more than identity theft
In an interview with Bloomberg Business, security analyst Adam Meyers said that hackers backed by China have taken health records and information on prescription drugs in the past year in order to create profiles of possible spy targets.
"This goes well beyond trying to access health-care records," said Meyers. "If you have a rich database of proclivities, health concerns and other personal information, it looks, from a Chinese intelligence perspective, as a way to augment human collection."
Another U.S. health insurer was recently breached by Chinese actors, and it was determined that the hackers' goal was to access information on the employees of a defense contractor that makes advanced avionics and other weaponry, Bloomberg Business reported. A government agency also experienced a breach of medical information last year in which data on tens of thousands of employees who had applied for top-secret clearance were stolen.
According to Meyers, the pattern of hacking fits a cybercriminal group known as Deep Panda, which has targeted both the healthcare industry and defense contractors over the last few months. This string of attacks has led researchers to believe that China is creating a massive database of individuals who may serve as intelligence targets.
Threats to personal information increasing
As the threat of foreign cyberattacks increases, organizations need to improve upon their existing security strategies to ensure sensitive information remains secure and private. Industry experts have been saying for some time now that threat identification and response are the most important parts of a defense plan. Malicious actors are looking for a way in, or may have already found one. If there is no means of detecting an intrusion, the hackers won't be stopped until valuable data has been stolen and used for nefarious purposes.
"You can buy a million-dollar firewall, but you need someone to make it effective," said Chris Pogue, senior vice president of cyber threat analysis for software firm Nuix. "It's a marriage of skill and resources."
In order to gain the right balance of resources and skills, a growing number of organizations are turning to security information and event management services. SIEM solutions have become one of the most reliable ways to protect sensitive data by providing around-the-clock network monitoring. The continuous monitoring makes it easier to detect suspicious behavior that can point to fraudulent activity and puts less pressure on internal IT departments. The event information gathered by a SIEM service is analyzed and provided to the organization in order to create a more robust defense strategy in the future.