Deep Panda at it again with Premera hack?

News of the hack that occurred at Premera Blue Cross in Seattle and which involved the medical records of some 11 million members spread quickly over the last two days, and appears to be strikingly similar to the major attack that Anthem suffered barely a month ago.

Anthem’s hack involved a staggering 80 million members, and it has been suggested that a foreign state is responsible for the breach, possibly a group from China known as “Deep Panda.”

According to Brian Krebs, a former Washington Post reporter who blogs on data security, the two attacks look pretty alike.

“Although Premera isn’t saying so just yet, there are indicators that this intrusion is once again the work of state-sponsored espionage groups based in China,” he wrote in a recent blog post.

On top of that, it turns out federal officials had warned Premera about security risks almost a year ago, according to a report in the Seattle Times.

“Officials gave 10 recommendations for Premera to fix problems, saying some of the vulnerabilities could be exploited by hackers and expose sensitive information. Premera received the audit findings April 18 last year, according to federal records,” the paper reported.

Taken together, the possibility of a sophisticated, state-sponsored attack succeeding twice in less than a month and the seemingly laggard response to documented security concerns underscore the ongoing problem in healthcare: payers and providers are unprepared, and they are being targeted with increasing frequency.

After Anthem’s breach, it was noted, often loudly, that the data was unencrypted, and the Premera hack has renewed the calls for encryption of health records in some corners. Several prominent voices came to Anthem’s defense, however, and noted that encryption isn’t the only answer, especially against sophisticated operations: data encrypted at rest is decrypted for any authorized user or application, so an intruder operating with stolen credentials of an insider reads it in the clear just as the insider would.

Krebs details some of the similarities in the hacks as such:

“On Feb. 9, 2015, KrebsOnSecurity carried an exclusive story pointing to clues in the Anthem breach which suggested that the attackers blamed for that breach — a Chinese state-sponsored hacking group known variously as “Deep Panda,” “Axiom,” “Group 72,” and the “Shell_Crew” — began chipping away at Anthem’s defenses in late April 2014. The evidence revolved around an Internet address that researchers had tied to Deep Panda hacking activity, and that address was used to host a site called we11point.com (Anthem was previously known as Wellpoint prior to its corporate name change in late 2014).

As that story noted, Arlington, Va. based security firm ThreatConnect Inc. tied that Wellpoint look-alike domain to a series of targeted attacks launched in May 2014 that appeared designed to trick Wellpoint employees into downloading malicious software tied to the Deep Panda hacking gang.”

MedCity News on Tuesday sent questions to Premera seeking further information on whether a state actor is suspected and whether the data was encrypted, but has not yet heard back (will update when we do).

So far, Premera has deferred to the FBI on whether a foreign-based group is suspected, and the bureau itself has not elaborated on the matter. Security firm Mandiant has been enlisted to help the FBI.

The other notable factor in Premera’s hack is that the information acquired by the attackers included actual medical information, not just personal information such as Social Security numbers, names, dates of birth and the like. Reuters reported that the 11 million records obtained make this the biggest such medical information breach yet.