January 10, 2017

Foreign Nation Behind Anthem Breach, Investigation Claims

The California Department of Insurance on Friday revealed that an investigation into the data breach of health insurance giant Anthem Inc. has concluded that a foreign country was behind the attack.

The massive data breach was first discovered by Anthem on January 27, 2015, and was publicly announced the following month. The incident impacted 78.8 million consumer records, including records of at least 12 million minors, the company revealed.

Several months later, security firm Symantec published a report saying that Anthem was breached by a threat group known as Black Vine, which has been active since at least 2012. The actor was said to have ties to the Chinese People’s Liberation Army (PLA) and to have worked with Chinese firm Topsec. It was also said to have targeted the aerospace, healthcare, energy, military and defense, finance, agriculture, and technology industries in the US, China, Canada, Italy, Denmark, and India.

In its announcement last week, the California Department of Insurance revealed that the insurance commissioners’ examination team, which was composed of the cybersecurity firm CrowdStrike and Alvarez & Marsal Insurance and Risk Advisory Services, had determined the identity of the attacker and its ties with a foreign country.

“It’s becoming almost acceptable to blame a state actor for these breaches. First, it’s very hard to verify that involvement. It’s easy to buy access to servers in many countries using bitcoin and even find the malware used in many cases on the dark web. Without having access to the remote system it’s always going to be more of a guess,” Michael Lipinski, CISO and chief security strategist for Securonix, told SecurityWeek in an emailed statement.