Dive Brief:
- Anthem reported a massive cyberattack last February by Chinese hackers when 78.8 million customers' personal information was accessed. After an investigation, the FBI says the hack was done to learn about the U.S. healthcare system rather than to sell the stolen data.
- The breach included 14 Anthem Plans and 42 non-Anthem Blue plans and included personal information such as dates of birth, names, Social Security numbers and other personal data.
- The company reported the breach did not appear to affect the members individual medical or financial data and there was no evidence it was being sold online.
Dive Insight:
Symantec, a software company, said it traced the attack to a cyber espionage group called Black Vine, as reported by FierceHealthPayer. But, sources say the goal of the breach was to understand how other nations handle medical care since China is struggling with a large aging population.
Anthem could still be fined and required to take corrective measures after the National Association of Insurance Commissioners and state insurance regulators file results of their investigation. But, according to the Financial Times, it may be difficult to figure out which standards to apply to companies that are victims of state-sponsored attacks.
Approximately 81% of healthcare executives say their organizations have been the target of a cyberattack over the past two years, as per the 2015 KPMG Healthcare Cybersecurity Survey.