2015 Anthem Health Hack Probably By Foreign Government

Anthem, the second-largest U.S. health insurer, announced it had suffered a massive security breach back in 2015 that exposed the Social Security numbers, birth dates and income data for nearly 80 million customers. At the time, sources close to the investigation said technical details of the attack matched the pattern of a state-sponsored attack.

It looks as though that statement still rings true today.

Fortune reported that an extensive nationwide investigation into the breach is confident that a foreign government likely contracted a hacker to launch the attack on the insurance giant.

“In this case, our examination team concluded with a significant degree of confidence that the cyber attacker was acting on behalf of a foreign government,” Dave Jones, a state insurance commissioner from California, said in a statement.

Jones is one of seven leaders of the investigation, which conducted a cross-country analysis of the data breach in order to determine who is responsible for exposing the millions of customer records.

The investigation also stated that the attack began back in February 2014, though it wasn’t discovered until January 2015. One user at an Anthem subsidiary opened a phishing email that eventually gave the hacker access to Anthem’s entire data warehouse, Fortune noted.

According to Jones, Anthem has since invested nearly $260 million into strengthening its cybersecurity measures and improving its IT infrastructure. However, private companies can only do so much when it comes to defending themselves against state-sponsored attacks.

“Insurers and regulators alone cannot stop foreign government-assisted cyberattacks,” Jones explained. “The United States government needs to take steps to prevent and hold foreign governments and other foreign actors accountable for cyberattacks on insurers, much as the President did in response to Russian government sponsored cyber hacking in our recent presidential election.”