What happened?
Anthem, Inc. was the victim of a cyber attack. Anthem
discovered that one of its database warehouses was
experiencing a suspicious data query. We immediately
stopped the query and launched an internal investigation.
Anthem took immediate action to secure its data and
contacted federal investigators as soon as it made
that discovery.
When and how did you discover the attack?
On January 27, 2015, an Anthem associate, a database
administrator, discovered suspicious activity — a data query
running using the associate’s logon information. He had not
initiated the query and immediately stopped the query and
alerted Anthem’s Information Security department. It was
discovered that logon information for additional database
administrators had been compromised.
On Jan. 29, 2015, we determined that we were the victim
of a sophisticated cyber attack. We notified federal law
enforcement officials and shared the indicators of
compromise with the HITRUST C3 (Cyber Threat Intelligence
and Incident Coordination Center).
How many people are impacted?
Anthem is currently conducting an extensive IT Forensic
Investigation to determine what members are impacted. We
will provide additional details to our ASO clients as soon as it
is available. Initial analysis indicates the attacker had access
to information on tens of millions of consumers. This includes
Anthem’s affiliated health plan members and other consumers
within the Blue Cross Blue Shield system. Social Security
numbers were included in only a subset of the universe of
consumers that were impacted.
Is there information Anthem clients and customers
can provide to members who ask about the Anthem
cyber attack?
Anthem encourages anyone with questions to go to
AnthemFacts.com
or call the toll free number
1-877-263-7995
.
What information has been compromised?
Initial investigation indicates that the member data accessed
included names, member ID numbers, dates of birth, social
security numbers, addresses, phone numbers, email addresses
and employment information including income data.
Why should I trust you with my employee’s data in the future?
Safeguarding our members’ personal, financial and medical
information is one of our top priorities, and because of that,
we have a state-of-the-art information security system to
protect the data.
Anthem has contracted with Mandiant — a global company
specializing in the investigation and resolution of cyber
attacks. Anthem will work with Mandiant to ensure there are
no further vulnerabilities and work to strengthen security.
What measures have you taken to protect against further
cyber attacks?
Anthem Information Security has worked to eliminate any
further vulnerability and continue to secure all its data.
Cyber attacks are continually evolving and cyber attackers
are becoming more sophisticated every day.
We are also
working with federal law enforcement to ensure our
environment is as secure as possible.
Anthem continues to stay abreast of cyber attack methods
and tools and works closely with many private and public
organizations that specialize in the prevention, evaluation
and investigations of cyber attacks.
What are your security protocols? Why didn’t they work?
The attack that occurred was highly sophisticated in nature.
The attacker had a proficient understanding of the data
platforms. The attacker utilized very sophisticated tools and
methods in which to carry out the attack and took care to
cover tracks by moving from server to server within the
environment, often using a different compromised user ID
each time they connected to a different server.
The Anthem associate who discovered the suspicious query
activity followed appropriate protocol and immediately
notified Information Security. Anthem immediately launched
an investigation. Once Anthem determined it was a cyber
attack, Anthem contacted federal investigators.
Anthem has changed passwords and secured the compromised
database warehouse.
Update on Anthem Cyber Attack —
General Information for Clients and Brokers
51797WPMENABS 2/15