During a time where there was a record number of cyber attacks in the healthcare industry – – 55 during 2015 – – the largest and most egregious may be the Anthem hack in which more than eighty million individual’s highly sensitive personal data information was exposed in December of 2014. While retail, education, government and public and financial institutions were all hit in record numbers in 2014 by cyber attacks, the health care industry was by far the most impacted, or should I say their customers, former customers and even potential customers were.
In 2015 more than 100 million health records were accessed by hackers according to the data provided by the Department of Health and Human Services, Anthem being the largest to date so far. But what may be even worse is the source of these health care data attacks, investigators say the attacks can be tracked back to China. Charles Carmakal, an investigator with the cyber security firm Mandiant which has been contracted by Anthem and Premera after their cyber breaches stated,
We know of multiple threat groups operating out of China that have engaged in attacks in the health care industry. While we believe we know from an organizational perspective who they are, we can’t tell who tasked them to do it. The big question is: are they hackers for hire and were they asked by the Chinese government to do this?
While the Chinese government has denied any culpability behind these cyber attacks there is strong reason to believe the government is in fact behind the attacks. China is in a quandary with their population due to the country’s population policy. The China Development Research Foundation has made some bold recommendations to the country’s current policy, recommending that there should be a “two child” policy gradually put into place due to the rapidly aging population. The suggestion of the Social Development Research Section of the Development Research Center stated, “The benefits China’s population policy brings to society are vanishing rapidly, and the growing aged population and potential future labor shortages will pose grim challenges to the country. Therefore, adjustments to the current family planning policy should be made as soon as possible,” or “an unpleasant situation will develop.”
As China is struggling with its population issues, in particular to its aging population, it is widely held by cyber security experts that the rash of health care company hacks has been motivated by a lack of knowledge rather than for identity theft purposes. It is believed that the cyber intrusions were motivated by the need on China’s part to understand how the United States regulates healthcare, essentially saying that the hacks were to gather intellectual property and trade secrets in the health care industry. This comes as little solace to the 80 million people who had their personal information compromised, and the reasoning is likely met with great skepticism by victims of the Anthem attack. It should be noted that healthcare data is among the highest paid for stolen information on the black market.
The Anthem cyber breach accessed more than 80 million individual’s names, date of birth, social security numbers, medical ID numbers, street addresses, email addresses, income data and employment information. Anthem claims that no actual medical information or credit card information was accessed during the breach; thereby the breach does not make Anthem subject to HIPPA rules which would govern the loss of confidentiality and security of medical information.
As has become the standard public relations bandage to the victims of corporate cyber breaches Anthem is offering it’s current and former customers whose information may have been accessed two years of identity theft protection, repair and credit monitoring services from AllClear ID. Along with the protection offer is the standard warning to potential victims to carefully monitor your credit and identity theft protection suggestions offered on the FAQs page of their web site. These services are also being offered to the following possible victims of the breach:
This includes customers of Anthem, Inc. companies Amerigroup, Anthem and Empire Blue Cross Blue Shield companies, Caremore, HealthLink, and UniCare, and some employees of self-insured employer groups where Anthem received information about non-Anthem members to provide analytics and administrative services. Additionally customers of Blue Cross and Blue Shield companies who used their Blue Cross and Blue Shield insurance in one of fourteen states where Anthem, Inc. operates may be impacted and are also eligible: California, Colorado, Connecticut, Georgia, Indiana, Kentucky, Maine, Missouri, Nevada, New Hampshire, New York, Ohio, Virginia, and Wisconsin.
AllClear ID is ready and standing by to assist you if you need identity repair assistance. This service is automatically available to you with no enrollment required. If a problem arises, simply call and a dedicated investigator will do the work to recover financial losses, restore your credit, and make sure your identity is returned to its proper condition.
For additional protection, and at no cost, you may also enroll in the AllClear PRO service at any time during the 24 month coverage period. This service includes credit monitoring and an identity theft insurance policy.
Please enroll at https://anthem.allclearid.com/. Those without Internet access can call 877-263-7995.
To access identity repair services, please call 877-263-7995
Anthem has established a dedicated toll-free number that you can call if you have questions related to this incident. That number is 877-263-7995.
How can I find out if my information was compromised?
Those potentially impacted by the cyber-attack can confirm what type of personal information (i.e. their social security number, email address, etc.) was accessed by calling AllClear at 877-263-7995. You will be transferred to a phone representative who will ask for your name, date of birth and possibly additional personal information to ensure that we protect your personal health information (PHI.)
Anthem does not call individuals regarding the cyber attack and is not asking for credit card information or Social Security numbers over the phone. For more guidance on recognizing scam email, please visit the FTC Website: http://www.consumer.ftc.gov/articles/0003-phishing.