Two Chinese nationals have been charged by the U.S. Department of Justice with the massive 2014 hack of Anthem's computer systems.
A federal grand jury indicted Fujie Wang, 32, of Shenzhen, China, and an unnamed individual, whose aliases include Deniel Jack, Kim Young and Zhou Zhihong, with conspiring to commit fraud, wire fraud and intentional damage to a protected computer.
In what remains the largest data breach in the healthcare industry's history, the hackers stole personal data--including names, birth dates, addresses, Social Security numbers, and employment details--from 78 million Anthem customers beginning in February 2014.
WHY THIS MATTERS
The charges confirm a long-held belief among many to a Chinese connection to the Anthem hack. The Justice Department's indictment reveals "the activities of a brazen China-based computer hacking group that committed one of the worst data breaches in history," said Brian A. Benczkowski, assistant attorney general of the Justice Department's Criminal Division, in a DOJ-issued statement.
However, the indictment did not directly link the two hackers or the group to the Chinese government or a Chinese state sponsor.
Anthem last year was required to pay $16 million--the largest HIPAA fine ever--to the U.S. Department of Health and Human Services Office for Civil Rights.
The defendants used extremely sophisticated techniques to hack into the computer networks, including sending of specially-tailored "spearfishing" emails with embedded hyperlinks to employees, according to the indictment. After a user accessed the hyperlink, a file was downloaded that, when executed, deployed malware that would compromise the user's computer system by installing a tool known as a backdoor that would provide remote access. The hackers sometimes patiently waited months before taking further action, eventually engaging in reconnaissance by searching the network for data of interest.
The FBI has issued a wanted poster for Fujie Wang, which says he is known to reside in Shenzhen, China.
Online data thieves are acutely focused on the healthcare industry, which was recently named as the top target for cyberattacks in a report by BakerHostetler, a law firm with a national cybersecurity practice. The report found that hospitals and health systems represented 25 percent of U.S. data breaches in 2018.
One reason: Just one electronic health record could be worth hundreds or even thousands of dollars on the black market.
ON THE RECORD
"The cyber attack of Anthem not only caused harm to Anthem, but also impacted tens of millions of Americans," said Josh Minkler, U.S. Attorney for the Southern District of Indiana. "This wanton violation of privacy will not stand, and we are committed to bringing those responsible to justice."
Mark Klimek is an independent writer and editor with 20 years' experience covering financial issues, healthcare and more.