{"id":75581,"date":"2015-02-19T20:53:25","date_gmt":"2015-02-20T01:53:25","guid":{"rendered":"http:\/\/rbach.net\/blog\/index.php\/"},"modified":"2022-08-12T15:59:10","modified_gmt":"2022-08-12T19:59:10","slug":"anthem-data-breach-allows-phish-of-us-cyber-forces","status":"publish","type":"post","link":"https:\/\/rbach.net\/index.php\/anthem-data-breach-allows-phish-of-us-cyber-forces\/","title":{"rendered":"Anthem Data Breach Allows Phish of US Cyber Forces"},"content":{"rendered":"

\"Anthem<\/a>– Updated 10\/25\/2018 –<\/strong> Anthem, Inc. has agreed to pay a $16 million HIPAA fine<\/strong> to the U.S. Department of Health and Human Service, Office for Civil Rights. The OCR found that the data breach between December 2, 2014, and January 27, 2015, cyber-attackers stole the electronic protected health information of almost 79 million people<\/strong>. The stolen information in the data breach included names, social security numbers, medical identification numbers, addresses, dates of birth, email addresses, and employment information.<\/p>\n

The $16 million settlement is the largest HIPAA settlement<\/strong>.<\/p>\n

—<\/p>\n

\"Anthem<\/a>Many online believe that the Anthem<\/a><\/strong> (ANTM<\/a>) hack was a strategic cyber-war strike<\/strong> by China. Stu Sjouwerman<\/a> at\u00a0CyberheistNews<\/em><\/a> writes<\/a> that PII thefts would normally be a Russian operation. However, the Anthem data breach appears to be a Chinese attack. CNN<\/a><\/em> reports<\/a> that Chinese hackers tend to target trade, economic, and national security secrets that could help the Chinese economy<\/a>. Mr.\u00a0Sjouwerman says he received an insider tip that most of the three-letter U.S. Government agencies<\/strong> have their employees insured through Anthem’s Blue Cross Blue Shield<\/a>. Anthem also provided health insurance defense contractors Northrop Grumman<\/strong> and Boeing<\/strong>.<\/p>\n

\"Anthem<\/a>Knowbe4’s<\/a> Sjouwerman speculates that the Chinese now own the identities of all the people fighting them. The stolen data can now be used in a multitude of social engineering scenarios.<\/strong> Dmitri Alperovitch<\/a>, co-founder of security firm CrowdStrike<\/a> told CNN<\/em> that the attack fit the profile of a hacking group believed to be Chinese government<\/a> spies called “Deep Panda<\/strong>.”<\/p>\n

The objective of the “Deep Panda” data breach according to the CrowdStrike CTO is to amass a large collection of Americans’ personal information<\/strong> to find citizens willing to spy for the Chinese and find potential U.S. spies operating in China. Mr. Alperovitch told CNN<\/em> that’s why\u00a0<\/span>Chinese hackers broke into U.S. federal employee network<\/a>\u00a0<\/span>last year. They also broke at least three hospital chains and two insurance providers the public hasn’t yet heard about.<\/p>\n

\"Phishing\"<\/a>Knowbe4<\/a> speculates that many people in the Government have steam coming out of their ears about the Anthem hack. Cyberwar<\/a> has suddenly become very personal to them. This may be why President Obama<\/a> recently signed an executive order that will nudge private companies to share data about cybersecurity threats between each other and with the federal government.<\/p>\n

Apart from the cost of the Anthem data breach are likely to smash $100 million barrier, it’s surprising that Anthem did not encrypt SSN’s<\/strong> which allowed wholesale identity theft<\/a> of thousands of American cyber-warriors.<\/p>\n

\"Deep<\/a>CEO Sjouwerman explains that hackers are going after healthcare records<\/strong> because they are much more valuable.<\/strong> He points out that healthcare records stay active for several months<\/strong> after a hack, as opposed to credit card numbers which quickly get nixed after a few days. Since Anthem is a healthcare company, you would expect them to take HIPAA compliance<\/strong> to the max and even top the required controls with higher standards. As we all know, compliance does not equal security, but it establishes a baseline at the very least.<\/p>\n

rb-<\/em><\/strong><\/p>\n

There is enough blame to go around.<\/em><\/p>\n

Time to go back to a cash society and barter.<\/em><\/p>\n

Say, Doc Johnson, I’ll trade you two chickens for measles vaccination.<\/em><\/p>\n

Related articles<\/h6>\n