Skip to main content

Analysis

Chinese Nationals Indicted in Massive Anthem Hack

By John Commins  
   May 10, 2019

The 2015 data breach exposed the personal information of 78.8 million people. Anthem says no fraud was ever linked to the breach.

A federal grand jury has indicted a Chinese national for his kingpin role in a sophisticated China-based hacking group that targeted large businesses in the United States, including Anthem Inc.

The four-count indictment, unsealed and handed up Thursday in Indianapolis, alleges that Fujie Wang, 32, and his accomplices breached the computer systems of "four distinct industry sectors," including Anthem and three other U.S. businesses that federal prosecutors did not identify, the Department of Justice said.

The breaches exposed the personal information of 78.8 million people, and Anthem was forced to pay a $16 million fine to settle what DOJ called the largest health data breach in U.S. history.  

"The allegations in the indictment unsealed today outline the activities of a brazen China-based computer hacking group that committed one of the worst data breaches in history," Assistant U.S. Attorney General Brian A. Benczkowski said in a media release

Related: Anthem to Pay Biggest HIPAA Settlement in History

Related: Anthem Data Breach a Potential Game Changer for Healthcare

Related: Anthem Breach Puts Data Security in the Spotlight, Again

The indictment alleges that beginning in February 2014, the defendants used sophisticated techniques to hack into the computer networks of the victim businesses.

Once inside, the hackers allegedly installed malware and tools on the compromised computer systems to further compromise the computer networks of the victim businesses, after which they identified data of interest on the compromised computers, including confidential personal and business information. 

The indictment further alleges that the defendants then collected files and other information from the compromised computers and then stole this data.

The defendants identified and ultimately stole Anthem data on 78.8 million people from Anthem's computer network, including names, health identification numbers, dates of birth, Social Security numbers, addresses, telephone numbers, email addresses, employment information and income data, the indictment said. 

Wang and a defendant identified as "John Doe" are charged with one count of conspiracy to commit fraud and related activity in relation to computers and identity theft, one count of conspiracy to commit wire fraud, and two substantive counts of intentional damage to a protected computer.

According to a Wanted by the FBI poster, Wang remains at large, and is believed to be living in Shenzhen, China.

How they did it, allegedly

The indictment said the defendants used extremely sophisticated techniques to hack into the computer networks of the victim businesses.

"These techniques included the sending of specially-tailored 'spearfishing' emails with embedded hyperlinks to employees of the victim businesses," DOJ said. "After a user accessed the hyperlink, a file was downloaded which, when executed, deployed malware that would compromise the user's computer system by installing a tool known as a backdoor that would provide remote access to that computer system through a server controlled by the defendants."

According to the indictment, the defendants waited months before taking further action, eventually engaging in reconnaissance by searching the network for data of interest.

The indictment alleges that the defendants broke into Anthem to reconnoiter Anthem's data warehouse on multiple occasions in October and November 2014.

Once interesting data had been identified, the hackers allegedly placed it into encrypted archive files and sent it through multiple computers to destinations in China. Several times in January 2015, the hackers accessed Anthem's database, and transferred encrypted files containing personal information to China.

To avoid detection, the hackers then deleted the encrypted archive files from the computer networks of the victim businesses.  

Anthem Says No Fraud Detected

FBI Special Agent in Charge Grant Mendenhall said "Anthem's cooperation and openness in working with the FBI on the investigation of this sophisticated cyber-attack was imperative in allowing for the identification of these individuals."

In turn, Anthem issued a statement saying it was "grateful for the support and partnership of the FBI and extended law enforcement team in investigating the sophisticated cyber-attack that Anthem was a victim of in February 2015, and are pleased with the action taken today."

"There is no evidence that information obtained through the 2015 cyber-attack targeting Anthem has resulted in fraud," Anthem said.

John Commins is a content specialist and online news editor for HealthLeaders, a Simplify Compliance brand.

Photo credit: Mark Van Scyoc / Shutterstock


KEY TAKEAWAYS

Beginning in February 2014, the defendants used sophisticated techniques to hack into the computer networks of for large U.S.-based businesses.

Once inside, the hackers allegedly installed malware to further compromise the computer networks of the victim businesses.

The hackers then alledgly collected and stole files from the compromised computers.

The defendants remain at large and are presumed to be living in China.


Get the latest on healthcare leadership in your inbox.