Two Chinese nationals indicted for Anthem breach that affected nearly 80 million customers
According to a recent press release, the Department of Justice unsealed an indictment of two Chinese nationals for a hacking incident that resulted in one of the largest health data breaches of all time.
In 2015, Anthem announced that a breach had occurred that may have exposed protected health information (PHI) of approximately 78.8 million customers and employees, including:
- Addresses
- Birth dates
- Email addresses
- Employment and income information
- Health identification numbers
- Names
- Social Security numbers
- Telephone numbers
Following the incident, hackers in China were suspected of being behind the attack because of the type of malware used. The four-count indictment alleges that Fujie Wang (who used the name Dennis), an individual charged as John Doe, and other members of a Chinese hacking group orchestrated a campaign of breaches against U.S.-based computer systems, including Anthem and three other unnamed businesses.
The indictment alleges that starting in February 2014, the defendants began to hack into computer networks and installed malware on the compromised systems. After compromising the networks, they identified and collected the data of interest, including the PHI listed above and other confidential business information.
The indictment alleges that the defendants used sophisticated hacking techniques, including sending “spearphishing” emails containing an embedded hyperlink to employees of the victim businesses. Clicking the link opened a file; if that file was downloaded and executed, it installed a backdoor that gave the defendants remote access to the computer system through a server they controlled.
The indictment also alleges that the defendants waited months before taking further action, but eventually searched the compromised networks for data of interest, such as PHI. Specifically, the indictment alleges that the defendants targeted Anthem’s enterprise data warehouse on multiple occasions in October and November 2014. The defendants then allegedly placed the stolen Anthem data into encrypted archive files and sent them to destinations in China in January 2015. They then allegedly deleted the encrypted archive files from the affected networks in order to avoid detection.
Wang and Doe are charged with one count of conspiracy to commit fraud and related activity in relation to computers and identity theft, one count of conspiracy to commit wire fraud, and two substantive counts of intentional damage to a protected computer. Read the full indictment here.