California: A Foreign Government Responsible for Massive Anthem Breach

The massive data breach of health insurance giant Anthem, which affected 78.8 million consumer records, was carried out by a “foreign government,” according to the California Department of Insurance.

Anthem hired Mandiant to investigate the breach, and said that it is working with the FBI. It noted when the breach happened that “attackers gained unauthorized access to Anthem’s IT system and have obtained personal information from our current and former members such as their names, birthdays, medical IDs/social security numbers, street addresses, email addresses and employment information, including income data. Based on what we know now, there is no evidence that credit card or medical information, such as claims, test results or diagnostic codes were targeted or compromised.”

After a long investigation, the DoI report concluded with a “significant degree of confidence” that the cyber-attacker was acting on behalf of a foreign government—it didn’t name which government. However, previous attribution attempts placed the actors in China.  

“The team determined with a high degree of confidence the identity of the attacker and concluded with a medium degree of confidence that the attacker was acting on behalf of a foreign government,” the report said. “Notably, the exam team also advised that previous attacks associated with this foreign government have not resulted in personal information being transferred to non-state actors.”

The report also called for more resources.

“Insurers and regulators alone cannot stop foreign government assisted cyber-attacks,” said California Insurance Commissioner Dave Jones. “The United States government needs to take steps to prevent and hold foreign governments and other foreign actors accountable for cyber-attacks on insurers, much as the president did in response to Russian government-sponsored cyber-hacking in our recent presidential election.”

That said, Anthem itself is being held accountable. For its part, Anthem is paying more than $260 million for security improvements and remedial actions in response to the breach, and also agreed to provide credit protection to all consumers whose information was compromised.

“This was one of the largest cyber hacks of an insurance company’s customer data,” said Jones. “Insurers have an obligation to make sure consumers’ health and financial information is protected. Insurance commissioners required Anthem to take a series of steps to improve its cybersecurity and provide credit protection for consumers affected by the breach.”

The investigation found that the data breach began on Feb. 18, 2014, when a user within one of Anthem’s subsidiaries opened a phishing email containing malicious content. From there, the hackers were able to deploy malware and pivot to gain remote access to that computer and at least 90 other systems within the Anthem enterprise, including Anthem’s data warehouse.
