The Hits Keep Coming: More Healthcare Hacks


Target, Anthem and now Premera Blue Cross. Whether it’s retail or healthcare, there is valuable personal data at risk, and we are all potential victims.

In the Premera hack, 11 million customers were affected by the breach of financial and medical records. The intrusion, similar to the Anthem breach (although on a smaller scale), could still be fiscally devastating to millions of people should their Social Security numbers and other sensitive information be compromised.

In an explanation of the attack on their website, stated,

Similar to the Anthem hack, customer information, including names, dates of birth, email addresses, addresses, telephone numbers, Social Security numbers, identification numbers, bank account information, and claim information (including medical ailments), may have been leaked by hackers.

The fact that phishers were able to gain five sets of login credentials from authorized users indicates how dangerous an innocent mistake, such as opening a spam email, can be to an entire data system.

The attacks aren’t from a Russian teen this time, they aren’t from a bored college kid, they are coming from China, and it could get worse. According to Threatpost, “Researchers with ThreatConnect, a Virginia-based firm, suggested last month the Anthem breach may have emanated from China and that there may be a possible Anthem-Premera connection. In a blog post on Feb. 28 researchers with the firm suggested that the campaign may stretch back to 2013 and that a domain they hosted, prennera[.]com, may have been impersonating Premera Blue Cross.”
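A look-alike name such as prennera[.]com works because "nn" reads as "m" at a glance. The following check is an added example, not code from ThreatConnect, Threatpost or the original post; it assumes premera.com is the protected domain, and its confusable-pair table and function names are illustrative.

```python
# Added example (not the article's code): flag look-alike domains for one brand.
# Sample domains are constructed, except prennera[.]com, quoted in the article.
CONFUSABLES = [("rn", "m"), ("nn", "m"), ("vv", "w"), ("cl", "d"),
               ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]

def refang(domain):
    """Normalise a possibly defanged name such as 'prennera[.]com'."""
    return domain.strip().lower().replace("[.]", ".").rstrip(".")

def brand_label(host):
    """Label left of the TLD. Naive: ignores multi-part suffixes like co.uk."""
    labels = host.split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]

def skeleton(label):
    """Collapse character sequences that read alike at a glance."""
    for seq, repl in CONFUSABLES:
        label = label.replace(seq, repl)
    return label

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain, protected="premera.com"):
    """Return 'own', 'confusable', 'near-miss' or 'unrelated'."""
    host = refang(domain)
    if host == protected or host.endswith("." + protected):
        return "own"
    label, brand = brand_label(host), brand_label(protected)
    if skeleton(label) == skeleton(brand):
        return "confusable"   # same look once confusable pairs are collapsed
    if edit_distance(label, brand) <= 1:
        return "near-miss"    # one typo away from the brand label
    return "unrelated"

def review(domains, protected="premera.com"):
    """Keep only the domains an analyst should look at."""
    verdicts = {d: classify(d, protected) for d in domains}
    return {d: v for d, v in verdicts.items() if v in ("confusable", "near-miss")}

if __name__ == "__main__":
    seen = ["premera.com", "prennera[.]com", "mail.prernera.example", "premer4.example"]
    print(review(seen))
```

Run over sender and link domains pulled from mail gateway or DNS logs, the flagged names can be queued for blocking or analyst review before a user ever sees the message.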

According to an investigation by the security firm ThreatConnect, in an article titled “All Roads Lead to China,” the malicious software used to breach the health insurer mirrors the malware used in a previous attempted Chinese hack on a small U.S. defense contractor. The researchers were also able to link the incident back to parties connected to the Chinese military and intelligence agency.

From SCMagazine, the Axiom group (also known as “Deep Panda”) has been noted as a state-sponsored group, previously targeting academic institutions in the U.S. as well as Asian and Western government agencies responsible for law enforcement, auditing and internal affairs, and space and aerospace. The years-long exploits of the sophisticated attackers, including their use of a backdoor trojan called Hikit.

Threatpost drives the point home here: “Experts say the breach is a perfect storm of poorly secured health systems, desperately trying to catch up to the security standards imposed in other critical industries, and a bevy of exposed information that can be leveraged for China’s gain.”

Lessons Learned

Both the Anthem and Target security breaches were caused by simple human mistakes – opening the wrong email attachment, visiting the wrong web page, and/or opening a malicious email. Despite Anthem’s security protocols and safeguards, its employees failed to recognize suspicious phishing emails and unwittingly gave hackers their access information. In Target’s case, the contractor’s employees failed to recognize suspicious phishing emails and unwittingly gave hackers their access information, and that information was used to gain access to Target’s system. These simple human mistakes led to the dissemination of confidential data for millions of insured members and customers.

Being proactive in protecting your valuable information is the first and most critical step in safeguarding your data. But sometimes you don’t get to that step in time. There’s always time next week, next month… and that’s what the hackers are counting on. Would you leave your front door unlocked when you go on vacation? Would you leave your home unarmed, without homeowners insurance? Neither would we.

But if they get to you before your defenses are up, what’s next? What do you do after you’ve been hacked? Once the information is siphoned and personal details compromised, how do you clean up the mess?

You kick into damage control and deploy Security Remediation.

Security Remediation Service by SLPowers can include:

 Security Incident Response & Containment

 Detection & Restriction of Non-Compliant Devices

 Execution of Audit Recommendations

 Working with Auditors for Security & Compliance

 Evaluation of Vendors and Deployment & Integration of New Solutions

Categories: Data Loss Prevention, Data Security, Hackers, Healthcare, Internet Security
