
Comments: Anthem data breach

February 2015 by Marc Jacob

Further to my previous email, please see below for additional commentary on the Anthem data breach.

Stephen Coty, chief security evangelist, Alert Logic

"Anthem, One of the largest health insurers in the US, was the victim of a data breach. Key indicators of compromise started being noticed by the Anthem team late last week. The breached database server hosted personal information (Names, Birthdays Address, Email, Employment information and Social Security Numbers) on over 80 million individuals. According to the company there was no Credit Card information, medical history, diagnosis or treatment data stolen. The data was tracked to the abuse of a credentialed user of the database. This points to a targeted attack that was focused on Anthem. Without any investigative intelligence from the inside I can theorize that a phishing email campaign against was launched in which a user downloaded malicious code.

Anthem says it contacted the FBI immediately after it discovered the attack, and has commissioned cybersecurity firm Mandiant to evaluate its systems. According to one of the team members the Anthem attack was “sophisticated” and used techniques that appeared to have been customized, rather than broadly available tools, and were “very advanced.” Investigators haven’t yet concluded who was behind the Anthem breach.

President and CEO Joseph Swedish has promised that Anthem will contact all affected members whose information had been compromised, and provide them with free credit monitoring and identity protection services."

Rahul Kashyap, chief security architect, Bromium

"If 2014 was the ‘year of breaches’, obviously 2015 is set up as the year of ‘more breaches’. The Anthem breach should be a pointer to all those not yet in the ‘breach club’ to wake up to the new era of cybersecurity and what’s at stake. It’s obvious to the attackers that such breaches can be done – repeatedly and they won’t stop. If you’re an organization that holds sensitive data of its customers or affiliates, ensure that your response to this attack changes from ‘Thank heavens it wasn’t us’ to ‘What if it were us?’ and work relentlessly to avoid such data breaches.

Large institutions such as Anthem are under constant attack. Why? Simply put, the attackers have nothing to lose due to the loose boundaries of the internet and lack of internet laws. Most large organizations are ‘hackable’ due to the fallible nature of humans at work, and outdated security controls and/or inefficient security practices. The key driver behind most of such attacks is obviously financially motivated. Attackers typically want to steal either Credit Card information or Identity of the victims.

In this case, Anthem has acknowledged that personal data was stolen. So, obviously, there was a gap in their controls that led the attackers into their sensitive networks. Internal networks should be designed with the expectation that at some point the end users will get infected, so basic principles such as segmentation of the network are important. Adequate controls should be put on servers hosting sensitive information so that Incident Response can be quick. In this case the attackers managed to steal information, so evidently the exfiltration went undetected for some time – which was enough.

Given the nature of details disclosed by Anthem, affected individuals should watch out for Identity theft scams. The issue is hot right now, so the attackers are likely to move fast in the upcoming weeks to sell this data in the underground.

It is Anthem’s responsibility to protect their customers’ sensitive data that was entrusted to them. Giving a timely response to their customers is the least that is expected in such situations. The damage already done is yet to be ascertained; we’ll soon find out."

