Though it’s early in the investigation, China’s "fingerprints" are on the Anthem data breach that gained access to the private data of 80 million former and current members and employees of Anthem, the second-largest American health insurer,
Bloomberg reports.
"This goes well beyond trying to access healthcare records," said Adam Meyers, vice president of intelligence at Crowdstrike, an Irvine, California, cybersecurity firm. "If you have a rich database of proclivities, health concerns and other personal information, it looks, from a Chinese intelligence perspective, as a way to augment human collection."
The hacked information can also be used by criminals, he told Bloomberg, who may work for the Chinese government by day and moonlight at night.
The Washington Post reported that a set of complete health insurance credentials sold for $20 on underground markets in 2013, a figure that was 10 to 20 times the price of a U.S. credit card number with a security code.
"Healthcare records are the new credit cards," Ben Johnson, chief security strategist at cybersecurity firm Bit9 + Carbon Black, told the Post. "If someone gets your credit card number, you cancel it. If you have HIV, and that gets out, there’s no getting that back."
Investigators believe hackers got into the system in early December, and possibly earlier, but the breach was not discovered by Anthem until Jan. 29. The incident was made public this week.
China has previously been implicated in hacks on U.S. contractor USIS, which conducts background checks for the Department of Homeland Security, according to the Post.
Beijing has also targeted state motor vehicle departments and other agencies with large databases.
"The more information the Chinese have about large segments of the American population, the easier it is for them to penetrate our military and intelligence agencies," said Joel Brenner, a former top U.S. counterintelligence official, according to the Post.
"They then have the healthcare information, the fingerprints and the real names of an enormous set of people, many of whom are prime recruits for our intelligence services or our military, or who are already in our military. It’s an enormous advantage in penetrating cover."
In 2010, Anthem, then known as WellPoint, was fined $1.7 million for a computer breach that resulted in the disclosure of personal information of about 612,000 people, according to
USA Today.
The Department of Health and Human Services levied the fine under the Health Insurance Portability and Accountability Act (HIPAA), a 1996 law created, in part, to protect the confidentiality and security of healthcare information.
One in nine Americans is covered through Anthem affiliate healthcare plans, according to the Post, and those plans include Blue Cross Blue Shield brands.
A security expert told USA Today that Anthem members should be cautious of emails or phone calls trying to "trick worried consumers into sharing confidential information such as financial details," according to Lee Weiner, a security expert with computer security company Rapid7.
"Consumers should be suspicious of any unsolicited calls or emails — don't click on links, or provide personal information over the phone or email," he said. "If you get a call, offer to call back and use your search engine to find the appropriate number. Do likewise for any emails."
© 2024 Newsmax. All rights reserved.