Anthem attack investigators see signs of Chinese hackers

Investigators of Anthem Inc.’s data breach are pursuing evidence that points to Chinese state-sponsored hackers who are stealing personal information from health-care companies for purposes other than pure profit, according to three people familiar with the probe.

The breach, which exposed Social Security numbers and other sensitive details of as many as 80 million current and former customers, is one of the biggest thefts of medical-related customer data in U.S. history. China has said in the past that it doesn’t conduct espionage through hacking.  

The attack, announced Wednesday night, appears to follow a pattern of thefts of medical data by foreigners seeking a pathway into the personal lives and computers of a select group—defense contractors, government workers and others, according to a U.S. government official familiar with a more than year-long investigation into the evidence of a broader campaign.

The latest theft continues a string of major breaches of companies including Target Corp., Home Depot Inc. and JPMorgan Chase & Co. that have touched the private data of hundreds of millions of Americans and increased pressure on the U.S. government to respond more forcefully. Though President Barack Obama promised action against North Korea after the destruction of property at Sony Pictures Entertainment, corporations and the government have struggled to come up with appropriate responses to attacks that fall into a gray area between espionage and crime.

Hackers could use stolen information—which Anthem said in its case included birth dates and e-mail addresses—to conduct “phishing” attacks on customers who unwittingly provide access to their companies’ networks. Government officials have been investigating whether foreign interests are using personal, financial or medical information as leverage to gain intelligence from people who want their information to stay private, according to the U.S. official.

Michael Daniel, President Obama’s chief adviser on cybersecurity, said Thursday morning that he was one of the millions of Anthem customers who had their personal information taken. Anthem also insures employees of Boeing and other defense contractors, which are examples of the kinds of targets who could be of interest to foreign intelligence organizations.

Anthem spokeswoman Kristin Binns declined to comment. John Dern, a spokesman for Boeing, didn’t immediately comment.

In the past year, Chinese-sponsored hackers have taken prescription drug and health records and other information that could be used to create profiles of possible spy targets, according to Adam Meyers, vice president of intelligence at Crowdstrike, an Irvine, California-based cybersecurity firm. He declined to name any of the companies affected.

“This goes well beyond trying to access health-care records,” Meyers said. “If you have a rich database of proclivities, health concerns and other personal information, it looks, from a Chinese intelligence perspective, as a way to augment human collection.” He cautioned that it’s also possible that hackers who work for China during the day are moonlighting for criminal purposes on the side.

Officials at Anthem detected the theft of the trove of customer information as it was being sent from its computers on Jan. 29, according to one of the people involved in the investigation, which they said is still in its early stages.

Technical details of the attack include “fingerprints” of a nation-state, the two people said, and China is the early suspect.

Meyers said the breach fits the pattern of a hacking unit that Crowdstrike calls Deep Panda, which over the last several months has targeted both defense contractors and the health care industry.
