Dive Brief:
- A federal grand jury indicted a China-based group that hacked into the computer systems of Anthem and three other large U.S. businesses, the government announced Thursday.
- The indictment, unsealed Thursday, charges Chinese national Fujie Wang and other members of the hacking group with four counts, including conspiracy to commit fraud and intentional damage to protected computers.
- Anthem's speed in notifying the government of the intrusion into its computer systems and the insurer's cooperation in the investigation helped identify the people responsible for the breaches, the FBI said.
Dive Insight:
The four-count indictment charges the hacking group members with one count of conspiracy to commit fraud and related activity in relation to computers and identity theft, one count of conspiracy to commit wire fraud and two substantive counts of intentional damage to a protected computer. The three other businesses affected were not identified.
The breaches began in February 2014 and continued into 2015, affecting more than 78.8 million Anthem members. Stolen data included names, dates of birth, Social Security numbers, addresses, telephone numbers, emails and employment and income information, according to the indictment.
The action shows the government is "committed to protecting PII [personally identifiable information], and will aggressively prosecute perpetrators of hacking schemes . . . wherever they occur," Assistant Attorney General Brian Benczkowski of the Justice Department's criminal division, said in a statement.
The hack into Anthem's system and the related exposure of the PPI of more than 78 million members' was the largest health data breach in history. Anthem had to pay $16 million — the biggest HIPAA fine ever — to the HHS Office for Civil Rights, although the insurer didn't admit any wrongdoing.
And the healthcare industry has the poorest cybersecurity track record, holding onto its position as the industry with the most cybersecurity breaches. Healthcare's biggest security threat continues to be its own employees, as workers cause the most breaches, according to a recent report from Verizon.