Early signs in the Anthem Inc. data breach investigation are pointing to Chinese state-sponsored hackers, Bloomberg reports.
The cyberattack on America’s second-largest healthcare insurer exposed sensitive data on up to 80 million customers, including Social Security numbers.
{mosads}The digital thieves may have been seeking the information for reasons other than pure profit, Bloomberg said.
Investigators are tracking evidence that the attack could be part of a larger scheme to pilfer medical data as a way to infiltrate the computers of valuable espionage targets, such as defense contractors and government workers.
Hackers can use the personal information lifted from healthcare companies to send credible-looking emails that lure people into clicking on links, giving attackers access to their computers.
U.S. officials told Bloomberg this strategy is increasingly common among foreign nations with cyber espionage skills.
The patterns in the Anthem case mirror previous thefts tied to Chinese hackers, according to sources familiar with the investigation.
The White House recently took the unprecedented step of blaming a foreign country, North Korea, for last year’s Sony Pictures Entertainment hack, which devastated the film studio’s network, exposed internal data and emails and nearly caused the cancellation of a big-budget comedy.
Don’t expect the administration to necessarily pin the Anthem attack on China or any other country, however.
“I think, in many circumstances, it will continue to be the case that it is not in our interest to try to do attribution of a particular intrusion,” said White House Cybersecurity Coordinator Michael Daniel during a Bloomberg Government event Thursday.
The FBI is looking into the Anthem attack.
“Just because we don’t do public attribution in a given situation does not mean we are not aggressively pursuing responses to a particular incident,” Daniel added.
The Anthem hack is just another in a growing line of high-profile hacks. Companies like Target, Home Depot and JPMorgan Chase have all been hit, exposing tens of millions of consumers’ data.
The data breach at Anthem was the first instance of a publicly disclosed major hit at a healthcare company. It is thought to be the largest healthcare data breach to date.