(Bloomberg) — Investigators of the Anthem Inc. (NYSE:ANTM) data breach are pursuing evidence that points to Chinese state-sponsored hackers who are stealing personal information from health care companies for purposes other than pure profit, according to three people familiar with the probe.
The breach, which exposed Social Security numbers and other sensitive details of 80 million customers, is one of the biggest thefts of medical-related customer data in U.S. history.
See also: 5 big cyber threats for small businesses.
The attack appears to follow a pattern of thefts of medical data by foreigners seeking a pathway into the personal lives and computers of a select group — defense contractors, government workers and others, according to a U.S. government official familiar with a more than year-long investigation into the evidence of a broader campaign.
The Anthem theft follows breaches of companies including Target Corp., Home Depot Inc. and JPMorgan Chase & Co. that have touched the private data of hundreds of millions of Americans and increased pressure on the U.S. government to respond more forcefully. Though President Barack Obama promised action against North Korea after the destruction of property at Sony Pictures Entertainment, corporations and the government have struggled to come up with appropriate responses to attacks that fall into a gray area between espionage and crime.
Technical details of the attack include “fingerprints” of a nation-state, according to two people familiar with the investigation, who said China is the early suspect.
The Federal Bureau of Investigation (FBI) is leading the investigation, according to Anthem, which has hired FireEye Inc., a Milpitas, Calif.-based security company, to assist.
China has said in the past that it doesn’t conduct espionage through hacking. The Chinese embassy in Washington didn’t immediately respond to a request for comment.
Hackers could use stolen information — which Anthem said in its case included birthdates and e-mail addresses — to conduct “phishing” attacks on customers who unwittingly provide access to their companies’ networks. Government officials have been investigating whether foreign interests are using personal, financial or medical information as leverage to gain intelligence from people who want their information to stay private, according to the U.S. official.
Michael Daniel, President Obama’s chief adviser on cybersecurity, is an an Anthem customer who would be resetting his password, he said in a Bloomberg Web seminar early Thursday.
Among those insured by Anthem have been employees of Northrop Grumman Corp., according to the insurer’s website, while the company has processed claims for workers at The Boeing Company in Missouri. Boeing has about 15,000 workers in Missouri, where the company’s defense unit is based. Those and other defense contractors could be of interest to foreign intelligence organizations.
Anthem spokeswoman Kristin Binns declined to comment.
John Dern, a spokesman for Boeing, and Mark Root, a spokesman for Northrop Grumman, didn’t immediately comment. Jenny Shearer, a spokeswoman for the FBI, declined to comment.
In the past year, Chinese-sponsored hackers have taken prescription drug and health records and other information that could be used to create profiles of possible spy targets, according to Adam Meyers, vice president of intelligence at Crowdstrike, an Irvine, Calif.-based cybersecurity firm. He declined to name any of the companies affected.