INSPENONLINE: China suspected in hack of health insurer Anthem

Tuesday 10 February 2015

China suspected in hack of health insurer Anthem

The massive cyberattack against Anthem, the nation's second-largest health insurer, exposes a growing cyberthreat facing health care companies that experts say often are unprepared for large attacks.

Hackers gained access to the private data of 80 million former and current members and employees of Anthem in one of the largest medical-related cyberattacks in history.

Authorities said the attack, discovered late last month and disclosed this week, did not involve private health records or credit card numbers, but it did expose Social Security numbers, income data, birthdays, and street and e-mail addresses.

Investigators suspect Chinese hackers might be responsible for the breach, according to an individual briefed on some aspects of the probe. There are also some indications that other health-care companies might have been targeted, said the individual, who spoke on the condition of anonymity to discuss the ongoing investigation.

Security experts said health care has become one of the ripest targets for hackers because of its vast stores of lucrative financial and medical information.

Health insurers and hospitals, they added, have struggled to mount the kinds of defenses used in large financial or retail companies, leaving key medical information vulnerable to attack.

While medical records, such as treatment details or test results, were not compromised in what Anthem called "a very sophisticated attack," experts say the breach underlines the worrying potential for attackers to steal private health data valued on the black market as tools for extortion, fraud or identity theft.

Medical information could be exploited, for example, to file false insurance claims and buy prescription drugs, and attackers could extort cash from policyholders desperate to keep their private medical data under wraps.

"Health-care records are the new credit cards," said Ben Johnson, chief security strategist at cybersecurity firm Bit9 + Carbon Black. "If someone gets your credit card number, you cancel it. If you have HIV, and that gets out, there's no getting that back."

1 in 9 Americans

Anthem, formerly known as WellPoint, covers one in nine Americans through its affiliate health plans, including under the Blue Cross Blue Shield brands. In Colorado, Anthem held the second-largest market share for health insurers in 2013, the latest year for which data were available.

The breach has "definite potential to be the largest" hack of a health-care organization, although it is too early in the investigation to say definitively, said Vitor De Souza, a spokesman for FireEye, which owns the company now helping with Anthem's security.

The data breach could affect individual policyholders as well as those enrolled in managed-care plans through Medicaid.

Anthem's chief executive, Joseph Swedish, was among those to have their personal data exposed. Anthem said it will notify current and former members whose information was breached, as well as provide free credit- monitoring and identity-protection services.

Once Anthem discovered the data breach Jan. 29, company officials contacted the FBI and retained Mandiant, a cybersecurity firm, to investigate the attack and review the insurer's defenses. The FBI said it is investigating the breach, which was first reported Thursday by The Wall Street Journal.

Lucrative data

Hackers were able to grab some of what experts called the most lucrative and damaging types of stolen personal data. Social Security numbers are an attractive target because they are tough to change and crucial to government, financial and medical use.

A set of complete health insurance credentials sold for $20 on underground markets in 2013 — 10 to 20 times more than a U.S. credit card number with a security code, according to Dell SecureWorks.

Medical information includes key identifying details that could be used to create a "fake patient" that could fraudulently bill programs such as Medicaid, experts said.

"What we've seen in the last few years is that attackers have realized the economics of health-care data are very, very attractive," said Lee Weiner, senior vice president at cybersecurity firm Rapid7.

The link to Chinese hackers, which was first reported by Bloomberg News, means the attack could be part of a larger campaign, experts say.

Dmitri Alperovitch, co-founder of cybersecurity firm CrowdStrike, said he has seen Chinese government hackers target health-care providers and insurance companies in the past six months for Social Security numbers and personal identifying information as well as health-care information.

"China sucks up as much information as possible on a variety of people that could come in handy later," he said, adding that CrowdStrike does not have information on the Anthem hack.

China has also been implicated in hacks on USIS, a major U.S. contractor that conducts background checks for the Department of Homeland Security. The Chinese also have targeted state motor vehicle departments and other agencies with large databases, Alperovitch said.

That employee data was stolen in the Anthem hack could indicate that hackers might be preparing for another attack, which would allow them to access internal systems that they were otherwise unable to reach, said Tom DeSot, an executive at cybersecurity firm Digital Defense.

Anthem has come under fire in the past for weak security. The insurer agreed in 2013 to pay $1.7 million to resolve federal claims that poor internal safeguards left personal information, including Social Security numbers and health data, from more than 600,000 people available online.

What got hacked?

Health insurer Anthem said late Wednesday that hackers broke into a database of information on 80 million people, in an attack the company discovered last week. The Blue Cross Blue Shield insurer said the hackers gained access to names, birthdates, e-mail addresses, employment details, Social Security numbers, incomes and street addresses of people who are currently covered or have had coverage in the past. The insurer, which covers more than 37 million people, said credit card information wasn't compromised.

If your data are stolen

Notify the credit agencies (Equifax, Experian, TransUnion) and request a 90-day credit alert. You might consider asking the agencies to place a full freeze on your credit.

Check your credit-card bill for irregularities, and don't overlook small charges.

If someone does steal your identity, contact the credit issuer to dispute fraudulent charges; ask the reporting agencies to remove bogus accounts from your record, and submit a report through the FTC website.

The Associated Press

No comments:

Lawal is Inspen 2014 insurance man of the year

The former President Chartered Insurance Institute of Nigeria (CIIN) Fatai Lawal has emerged the 2014 Inspenonline Insurance Man of the year.

Fatai who is the the Managing Director Sterling Assurance Nigeria Limited was named today, at the Nigerian Insurance and Pension Award organised by Inspenonline.

Chief Executive Officer Inspenonline Media, Chuks Udo Okonta, said Lawal was picked from the votes casted by the public and other considerations made by the award's panel of assessors.

He noted that the winner raised the bar at the the Institute and the industry by opting to serve a tenure which was eventful and impactful. He added that amongst the legacies left by the winner was the printing and donation of Insurance books to secondary and tertiary institutions aimed at deepening insurance awareness.

Okonta noted that the award, which started two years ago with the recognition of two distinguished individuals and an underwriting company, has now come to stay.

"This year, we decided to raise the bar by setting high standards to judge the operations of companies and impacts made by individuals in moving insurance and pension business forward.

"To achieve this, we gave the public the opportunity to select those to be celebrated by calling for votes. Having harmonised the votes which came from different parts of the country, we benchmarked the scores with the set standard to arrive at the winners we are celebrating today," he said.

Others winners are AIICO Insurance Plc, Insurance company of the year; FUG Pensions Limited, Pension Fund Administrator of the Year; YOA Insurance Brokers Limited and Glanvill Enthoven Insurance Brokers Limited, Insurance Broker of the year.

Professional Excellence Award went to Professor Joe Irukwu; Best Professional Group went to the Chartered Insurance Institute of Nigeria and Association of Registered Insurance Agents of Nigeria; Corporate Brand went to Mansard Insurance Plc and Leadway Assurance Limited while Corporate Social Responsibility Award was won by Sovereign Trust Insurance Plc.

The organisers also recognised organisations that distinguished themselves, with Excellence Award. Organisations in this category include the National Pension Commission, Lagos State Pension Commission, Goldlink Insurance Plc and Pension Transition Administration Directorate.

Casino and Gaming Insurance

Anyone who operates or is considering opening up a casino or gaming establishment, requires insurance. As an online gambler, it is important that you play at a gambling establishment that follows reputable business practices. The best casinos are those that do not just protect their customers, but also protects themselves.

If you’re going to gamble online, you need to make sure that you choose a high-quality site like PlayMillion.com. Leading virtual casinos in the online gambling industry provide players with a secure and fair gaming environment. At PlayMillion, Players can enjoy 24/7 customer support, a multi-lingual platform, a VIP Lounge, a variety of promotions, and a truly generous signup bonus.

Customers of this internet casino brand can also enjoy great games like Caribbean Poker. This is an exciting card game and an interesting poker variant. Unlike other variants of this popular card game, while this version is similar to five-card stud, your opponent is the house, not the other players. Online Caribbean Stud is an exciting way to experience poker quickly and conveniently, whenever you want.

What else do you need to know about casinos and insurance? Unless you are a casino operator, there really isn’t anything else you need to think about. Essentially, when you are a player you need to concentrate on creating your own personal insurance to yourself. In other words, you need to make sure that you create a gambling budget and that you stick to it. Once you create a bankroll, your goal should never be to deplete it. This makes certain that you will always have money with which you can play. Equally, you should set yourself winning and losing limits, so you know when to call it a day.
　