It is certainly a good thing that Anthem detected on their own the breach that allowed attackers to compromise the records of 80 million people, and that they are taking the necessary precautions to contain it and close the hole. In making statements that point to a sophisticated external cyber attack, Anthem appears confident that this was not an inside-employee attack, or an attack that exploited a glaringly obvious vulnerability. And that may certainly be the case. Without over-speculating, however, the deflection to an “external” attack does not mean this did not result from social engineering, a physical penetration of a facility (which can easily lead to a technical breach from the outside), or a system that was not patched quickly enough.
More details are sure to emerge, but Anthem cannot ignore the compelling secondary threats at hand. Anthem's CEO, Mr. Joseph Swedish, appears confident that no medical information was breached. Yet. But as any security professional knows, information begets information, and with member IDs (and possibly individual IDs, whose compromise was not stated either way) now likely in the hands of the attackers, coupled with full names and Social Security numbers, it would be easy for them to attempt exploits of the My Anthem portal to obtain protected health information. This suggests that while medical information was not directly breached, Anthem cannot deny that it is currently at risk. Is obtaining such information the goal of these attackers? Who knows. Any information can be a source of power if it is wielded properly, and there certainly are cases and situations where that information can be used for leverage against individuals.
I personally know a lot of the security team members at Anthem. In fact, we have hired some of them. They are very competent people at the top of the food chain in the information security field, and I’m certainly relieved that they detected the breach and are acting accordingly. It just proves the adage that with enough time, resources and patience, a determined attacker will often succeed in harvesting his quarry. I am confident that they will exercise due diligence and explore the potential for secondary threats and risks that are sure to emerge.