In the wake of a serious hacking, a US health insurer has resolved a problem with government watchdogs snuffling around a huge data leak by banning them from its networks.
Anthem Healthcare lost more than 80 million patient records, raising a slight question about what it does about security.
However, when the federal auditor asked to scan the company’s systems, it took the bold step of telling the watchdog to sling its hook.
The Office of Personnel Management’s (OPM) Office of Inspector General issued a statement saying that Anthem refused to allow the agency to perform “standard vulnerability scans and configuration compliance tests” this summer, as requested by the OIG. Worse: Anthem refused a similar request in 2013. In each case, Anthem cited “internal policies” that forbid outside access to its network as the reason for refusing to allow the vulnerability scans.
In other words: no, you can’t look at our security, because that would be a breach of security.
In its dealings with other insurers, the watchdog would have a problem, but OPM has the authority to conduct the audits on Anthem because that health insurer provides health plans to federal employees under the Federal Employee Health Benefits Program (FEHBP).
What Anthem appears to be worried about is that the watchdog might find out that its security problems go much deeper than a one-off hack.
An earlier OPM report filed in September 2013 and based on only limited access to Anthem’s network identified a number of concerns, from porous vulnerability scans that failed to include desktop systems to a loose configuration management program. In each case, Anthem (then Wellpoint) responded by arguing that its current processes were adequate.
President Barack Obama is to meet CEOs in Silicon Valley today to canvass their views on ways to improve existing cyber legislation.
That’s in the wake of massive attacks on healthcare company Anthem and Sony.
According to Reuters, Obama is expected to say that government and the private sector need to cooperate better to meet the challenges of cyber attacks.
A White House representative said that the idea is that if the USA gets it right, more people and companies worldwide will do business with America.
But while Obama will meet some CEOs, some will pointedly stay away, including Google, Facebook and Yahoo. They don’t think that the US has done enough to protect their customers from NSA surveillance.
Obama wants Congress to pass a law giving liability protection to companies that share their data about security.
A report said that investigators into a hack at US healthcare firm Anthem are blaming the Chinese government for the breach.
Bloomberg, which said it has spoken to three people on condition of anonymity, claims the hacks are to provide the Chinese government with data on government workers and others.
Hackers managed to grab as many as 80 million details of Anthem’s customers.
The wire is blaming an espionage unit dubbed “Deep Panda” for orchestrating the attack.
China consistently denies that it hacks into organisations or into other countries’ computer systems. It’s widely believed, however, that many countries, including China, have cyber warriors testing others’ systems.
“Deep Panda”, if it exists, is alleged to have made hacking attacks on contractors and other health care companies over the last few months, Bloomberg alleges.
The investigation into the Anthem attack is being led by the Federal Bureau of Investigation.
Anthem has not yet explained the vulnerability in its IT systems which allowed its data to be hacked.
An American health insurer appears to have been hacked and lost millions of its customers’ records.
Anthem said that hackers stole the identities of customers across all of its business units.
It has about 37 million customers in the USA and has reported the attack to the Federal Bureau of Investigation (FBI).
It has said it has now closed the hole but that’s somewhat equivalent to closing the gate once the horse has bolted.
The hackers do not appear to have had access to Anthem customers’ credit card records.
It has set up a website to try to explain what happened, with its CEO and president claiming his company had state-of-the-art information security systems.
He said that despite that, his company “was the target of a very sophisticated external cyber attack. These attackers gained unauthorised access to Anthem’s IT systems”.
Anthem has hired a company called Mandiant to assess its IT systems.
Sheffield said: “Anthem will individually notify current and former members whose information has been accessed. We will provide credit monitoring and identity protection services free of charge.”