Hackers hit health insurer Anthem in ‘sophisticated’ attack


Millions of customer and employee records reportedly affected.

Feb 05, 2015 | By Patricia L. Harman

“Given the reported size and, more importantly, the extent (covering all business lines) it seems clear this was more than one server or database,” said Winston Krone, managing director of Kivu Consulting. “We may find that, like Sony, the hackers had time to navigate round the network (and sub-networks), possibly jumping between units. Consumers should assume nothing until the extent of the breach becomes clearer as the press releases today will be updated. The size will grow and it will be very likely that medical records have been [affected]. The question will be whether such additional compromise is limited to specific business units of Anthem.”

Krone offers this advice for all insurers concerning the protection of customers’ information. “Other insurers need to look at their entire networks which have grown with mergers and acquisitions, often without central security oversight and planning. One poorly protected network added to a larger organization will be the weak link in the chain. This may have been the cause of the Anthem breach.”

Read the full article here