
Anthem Hack - The Monday After
Anthem Inc. is the second largest insurance group in the United States. It serves nearly 67 million people through its affiliate programs, including 37 million enrolled in its family health plans. On February 4, 2015, Anthem disclosed that it had been impacted by a recent data breach affecting a large number of its members and affiliate groups. A statement from CEO Joseph Swedish regarding the data breach, and a FAQ page answering some of the outstanding questions that everyone has, have both been released.

What do we know so far ...
  • We know that Personally Identifiable Information (PII) of over 80 million healthcare members has been accessed. This includes: Social Security Numbers (SSN), addresses, emails, salary information, birthdays, phone numbers, and other such data.
  • According to Anthem’s statement, the impacted (plan/brands) include Anthem Blue Cross, Anthem Blue Cross and Blue Shield, Blue Cross and Blue Shield of Georgia, Empire Blue Cross and Blue Shield, Amerigroup, Caremore, Unicare, Healthlink, and DeCare.
  • The FBI believes, with high certainty, that these attacks are state-sponsored in nature, and it appears that they are originating from Chinese IP space.
  • The attacks could have started as early as April 2014.
  • Deep Panda is the hacking group that is being blamed for some, if not all, of these attacks. CrowdStrike is the information security firm that has given the group this name and has been monitoring Deep Panda's movements over the past year.
  • According to a memo received by Steve Ragan, a writer for the CSO Online blog Salted Hash, Anthem database administrator credentials were used to run queries on their systems. The memo also states that the attackers had a good understanding of the database infrastructure. Read more at
  • Anthem says that it will be notifying affected members by postal mail. This will most likely be something along the lines of free credit and ID monitoring for a year. Nothing we have not heard from past data breach victims.
What do we not know ...
  • How were the attackers able to get in?
  • When did the attack actually begin?
  • How long did Anthem know about the breach before notifying authorities and the public?
  • Why did they not notice that much data leaving their network?
  • What can other organizations and other domains learn from this attack?
  • What are they going to do about further mitigation?
What should we do for now ...
  • Watch out for phishing scams relating or referring to the Anthem data breach.
    • DON'T click on any links within unknown emails.
    • DON'T respond to suspicious emails or try to contact the sender of such emails.
    • DON'T give out any of your personal information such as credit card numbers, usernames, passwords, etc.
    • DON'T open or view any attachments from emails that you were not expecting, and even if you were expecting an email from someone, it is best to contact the individual before opening the document.
  • Be on the lookout for phony phone calls from individuals claiming to be associated with Anthem or the like.
  • Be sure to keep an eye on your credit reports and transaction history. Possibly consider requesting a credit freeze. This will stop anyone from opening new lines of credit under your name unless a 4-digit PIN is provided. (The PIN will be issued to you by one of the 3 credit reporting agencies.)
  • Be on the lookout for Anthem's notification via mail.
I am interested to know more about this breach, especially since it affects such a large group. I wonder what the credentials consisted of and what kind of awareness programs were happening within Anthem. Even the best security programs can be cracked if the human element is compromised.

More information to come as it is released.