Chinese hackers suspected after massive data breach at US health insurer

PUBLISHED : Friday, 06 February, 2015, 10:46am
UPDATED : Friday, 06 February, 2015, 10:46am

Several US states are investigating a massive cyberattack on No 2 US health insurer Anthem Inc that is being looked at for possible ties to China, according to a source familiar with the probe.

Separately, representatives from Anthem were scheduled on Friday to brief the House Energy and Commerce Committee on the breach. “This latest intrusion into patients’ personal information underscores the increasing magnitude and evolving nature of cyber crimes,” Fred Upton, the committee’s chairman, said in a statement. “Every business is at risk and American consumers are anxious.”

Connecticut Attorney General George Jepsen asked Anthem Chief Executive Joseph Swedish to provide by March 4 detailed information about the cyberattack, the company’s security practices and privacy policies, according to a letter obtained on Thursday.

“We hope and expect to work in close coordination with other attorneys general,” said Jaclyn Falkowski, a spokeswoman for Jepsen.

Anthem disclosed the attack late Wednesday, saying unknown hackers had penetrated a database with some 80 million records. The insurer said it suspected they had stolen information belonging to tens of millions current and former customers as well as employees.

US President Barack Obama’s cybersecurity adviser, Michael Daniel, speaking at a seminar in Washington, called the data breach “quite concerning”and warned consumers to change their passwords and monitor their credit scores.

The attorneys general of Illinois, Massachusetts and North Carolina are also looking into the breach, according to representatives of their offices.

Connecticut has worked with other states to investigate some of the biggest US data breaches reported to date, including ones at retailers Target Corp and Home Depot. The office of Connecticut’s attorney general said Anthem has agreed to two years of credit monitoring for customers there.

A representative for New York Attorney General Eric Schneiderman declined to say if he planned to work with Connecticut but noted his office had contacted Anthem to discuss protecting its customers in wake of the data breach.

A source familiar with the probe said that a connection to China was being looked at.

The Wall Street Journal said that people close to the investigation say some tools and techniques used against Anthem were similar to ones used in previous attacks linked to China.

A representative with FireEye, which was investigating the attack on behalf of Anthem, declined comment.

The FBI said late Wednesday it was also looking into the matter but did not discuss suspects. FBI officials could not immediately be reached on Thursday.