China hacks military and defense personnel’s health records

People's Liberation Army (PLA) cadets meet with U.S. Army Gen. Martin E. Dempsey, not shown, the chairman of the Joint Chiefs of Staff, at a PLA Aviation Corps academy near Beijing April 24, 2013.

The recent Anthem hack has millions of customers worried, approximately 80 million of them, including those employed by the U.S. government. The health insurance giant has an extensive customer list, which includes U.S. Chief Advisor Michael Daniel.

According to QZ.com, Anthem has a division, National Government Services, solely dedicated to managing federal health care claims. Its top clients include the Defense Health Agency, the Department of Defense and the Department of Veteran Administration.

However, an Anthem spokesperson stated that “An investigation indicates that National Government Services was not impacted by the Anthem cyber-attack. Medicare information managed directly by National Government Services is maintained on systems protected by the Department of Health and Human Services and the Centers for Medicare and Medicaid Services.  These are not the systems which were compromised in the external cyber-attack on Anthem.”

KTLA reported that the hack is the latest in a series of companies to suffer severe data breaches. Last year, 40 million Target customers had their credit data stolen and hackers obtained the personal information for an additional 70 million customers. Other companies affected included Neiman Marcus, JPMorgan Chase, Experian, eBay and Home Depot.

In this incident, Anthem said that hackers accessed “names, birthdays, medical IDs/social security numbers, street addresses, email addresses and employment information, including income data.”

The FBI applauded the health insurance giant’s quick actions in addressing the breach. They are investigating the hack, thinking it may be part an effort to create well-rounded profiles of potential espionage targets. Considered a relatively new kind of dual-pronged hacking attack, it is also afflicting financial institutions worldwide.

“Anthem’s initial response in promptly notifying the FBI after observing suspicious network activity is a model for other companies and organizations facing similar circumstances,” the FBI said. “Speed matters when notifying law enforcement of an intrusion.”

QZ.com reported that some elements of the Anthem hack have been traced back to China’s infamous People’s Liberation Army Unit 61398, which has been implicated in many of the recent cyber-attacks against the U.S. government and private companies in the past.

An Anthem spokesperson said that Anthem “encrypts data in motion–data that moves between servers.” But the company does not encrypt “data at rest,” or stores it in its databases. They claim the company did everything it could to protect and monitor for this type of attack. The spokesperson also stated that due to the nature of this sophisticated attack, the actions taken against the system appeared to be normal workflow and they believe that was no indication that this type of attack could have been prevented or caught prior to exposing data.

 

Author

Post navigation