Health insurer Anthem Inc on Friday warned US customers about an email scam targeting former and current members whose personal information was suspected to have been breached in a massive cyber attack. The No 2 US health insurer said on Wednesday that hackers breached its computer system containing data on up to 80 million people.
Anthem announced the warning about the email scam in a statement, saying they purport to come from Anthem and ask recipients to click on a link to obtain credit monitoring. Anthem advised recipients not to click on links or provide any information on any website. The company said it will contact current and former members about the attack only via mail delivered by the US Postal Service. It is not calling members regarding the breach and is not asking for credit card information or Social Security numbers over the phone.
Anthem said there was no indication the email scam was connected to those who perpetrated the security breach. The insurer acknowledged that data accessed by hackers had not been encrypted, as is the normal practice at many companies. "When the data is moved in and out of the warehouse it is encrypted. But when it sits in the warehouse, it's not encrypted," Anthem spokeswoman Cindy Wakefield said.
Anthem needs to be able to easily access patient data in order to create the numerous reports it generates for customers and regulators as part of doing business, Wakefield explained. "I think that is standard practice," she added. "How we managed our data in the warehouse has been appropriate," Wakefield said. "No one has pointed a finger and said you did this wrong and this is why this happened." But Richard Marshall, a former senior cybersecurity defense expert at the US National Security Agency, said the numbers should have been encrypted.
"Social Security numbers can be sold to people who are here illegally," said Marshall, who now advises private security firms. "Identity theft is a major issue." In a separate case on Friday, Intuit Inc temporarily halted electronic state tax return filings by its customers after detecting what a spokeswoman said was identify theft-driven fraudulent returns seeking refunds. She said the fraud had not been tied to any specific breach, including that at Anthem.
Intuit said late Friday it had resumed electronic filings of state tax returns. Experts at other companies said they believed that Anthem attacks would eventually be tied to one of the most sophisticated hacking groups in China, which security firm CrowdStrike calls Deep Panda and which reportedly began targeting the healthcare industry last year. "We've seen the Deep Panda actor registering domain names that were haelth-sector specific and could be potentially tied to victims," said Adam Meyers, CrowdStrike vice president of threat intelligence.