Wednesday, February 4, 2015

BREACH: Anthem breach is the mother of all Healthcare Data Breaches!

We knew ahead of time but waited until the CEO of Anthem made a public statement. The Anthem breach will prove to be one of the biggest breaches in Healthcare history. The breach is being investigated by the FBI and several large new organizations leaked information on the breach prior to an official announcement earlier today.

We will make this a sticky post and follow the developments.

2/4/2015: Official Notification Came Out Today but was proceeded by news media leaks of details.
2/4/2015: WSJ appears to have been the first news media organization to break the story.
2/5/2015: DataBreaches also posted information they have compiled here.
2/5/2015: Major News continues to report on the issue.
2/5/2015: LA Times reporting really specific information on the case.

From the LA Times:
Suspicious activity was first noticed and reported Jan. 27. Two days later, an internal investigation verified that the company was a victim of a cyber attack, the company said. The unauthorized access to the vast database goes back to Dec. 10.

Cybersecurity analysts warned that the thieves may attack Anthem again using the employee data they took. Anthem said it’s working to strengthen security and identify any potential gaps.

“It is highly possible that they are preparing for another attack, such as a social engineering or phishing attack, that may give them access to systems that they were unable to reach,” said Tom DeSot, chief information officer of cybersecurity firm Digital Defense Inc. in San Antonio.


Previously Reported:
Anthem Blue Cross Data Breach (Nov 2014) - Our Previous Report

From Krebs:
Bloomberg reports that U.S. federal investigators probing the theft of 80 million Social Security records and other sensitive data from insurance giant Anthem Inc. are pointing the finger at state-sponsored hackers from China. Although unconfirmed, that suspicion would explain a confidential alert the FBI circulated last week warning that Chinese hackers were targeting personally identifiable information from U.S. commercial and government networks.

No comments:

Post a Comment