The attack was detected last week when a systems administrator saw that a database query he hadn't initiated was being run using his ID, according to a report in the Wall Street Journal. The stolen data was found stored in a Web-storage cloud service and secured. But it was uncertain whether the thieves had already backed it up from there to another location, the report says.
"Statements indicating that the company immediately made every effort to close the security vulnerability suggest that a known vulnerability was exploited in the corporate web environment or that a payload was delivered via spear phishing to employees but was easily corrected once identified as the point of entry," says Adam Meyer, chief security strategist at SurfWatch Labs.
The breach was reported to the HITRUST Cyber Threat Intelligence and Incident Coordination Center, a health industry alliance formed to better prepare healthcare organizations for dealing with security. "Once the attack was discovered, Anthem immediately made every effort to close the security vulnerability, contacted the FBI and began fully cooperating with their investigation," HITRUST says.
Anthem has also hired Mandiant to evaluate its systems, according to Anthem CEO Joseph R. Swedish in an online letter to the company's customers.
The incident should serve as a wake-up call. "If the healthcare sector doesn't get the message that they are storing treasure troves of information and are not doing enough to protect it, I can only hope consumers and companies who provide healthcare plans speak with their wallets and work with healthcare providers that go above and beyond to protect the most personal of an individual's information," says Sean Mason, vice president of Incident Response at Resolution1 Security.
"This attack is 1.0 for major league healthcare," says from Tim Eades, CEO of vArmour.