Last updated Feb 7, 2015 - Both the Wall Street Journal and cyber security blogger Brian Krebs reported that Anthem Inc., the nation’s second largest health insurer disclosed that hackers had broken into its servers and stolen Social Security numbers and other personal data. The WSJ said this could be up to 80 million records which makes this one of the largest hacks in Healthcare. The social security numbers were not encrypted which is surprising to say the least.
Anthem said that the company was the target of a “very sophisticated external cyber attack” that exposed names, dates of birth, member ID/ Social Security numbers, addresses, phone numbers, email addresses and employment information. The company stressed that the exposed data did not include medical records or financial information.
“We are working around the clock to determine how many people have been impacted and will notify all Anthem members who are impacted through a written communication,” Anthem said in question and answer page released about the breach. This is a developing story so stay tuned for more.
What is new about this attack is that Anthem discovered it themselves, and decide to report it early. Not clear how the bad guys got in, but this smells of a spear phishing attack by eastern European or Chinese cyber mafia followed by data exfiltration, pretty much social engineering business as usual for them.
Bloomberg reports that U.S. federal investigators probing the theft of 80 million Social Security records and other sensitive data from insurance giant Anthem Inc. are pointing the finger at state-sponsored hackers from China. Although unconfirmed, that suspicion would explain a confidential alert the FBI circulated last week warning that Chinese hackers were targeting personally identifiable information from U.S. commercial and government networks.
It is clear that you have to step your users through effective security awareness training to prevent a data breach disaster like this. We have created a template you should send to your employees to inuculate them against the coming attacks. This is how it looks and you can find it in the Current Events System Templates:
Find out how affordable this is for your organization today.