Chuck Leaver – Endpoint Visibility Could Have Prevented Anthem Healthcare Data Leak

Written by Justin Tefertiller and presented by Chuck Leaver, Ziften CEO


Continuous Endpoint Visibility Would Have Improved Health Care Data Leak Prevention


Anthem Inc discovered a large-scale cyber attack on January 29, 2015 against its data and IT systems. The healthcare data leak is believed to have taken place over a period of several weeks beginning in early December 2014, and it targeted personal data on Anthem's database infrastructure as well as on endpoint systems. The stolen details included dates of birth, full names, healthcare identification numbers and even social security numbers of customers and Anthem employees. The exact number of individuals affected by the breach is unknown, but it is estimated that nearly 80 million records were stolen. Healthcare data tends to be one of the most profitable sources of income for hackers selling records on the dark market.

Forbes and others report that the attackers used a process-based backdoor on clients connected to Anthem databases, in combination with compromised administrator accounts and passwords, to slowly siphon off the data. The actions taken by the attackers while posing and operating as administrators are what ultimately brought the breach to the attention of Anthem's security and IT teams.

This kind of attack illustrates the need for continuous endpoint visibility, since endpoint systems are a constant infection vector and a path to sensitive data stored on any network they connect to. Simple things like never-before-seen processes, new user accounts, odd network connections, and unauthorized administrative activity are typical calling cards of the start of a breach and can be easily identified and alerted on with the right monitoring tool. When alerted to these conditions in real time, incident responders can catch the intrusion, find patient zero, and ideally mitigate the damage rather than letting attackers roam the network unnoticed for weeks.
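To make the indicators above concrete, here is an added example (not Ziften's code and not part of the original post) of a small baseline-versus-observed detector run over constructed endpoint telemetry. It flags the four calling cards the post names: a process never seen before on that host, a new (here, administrative) account, an outbound connection to a destination the host has never talked to, and administrative activity by an account that is not a known administrator or that happens outside an assumed business-hours window. Every hostname, username, process name, address and timestamp is a made-up sample value, and the baseline is assumed to have been learned during a known-clean period.

```python
"""Added example: baseline-vs-observed endpoint detector over constructed
telemetry. Not Ziften code; all sample values are invented."""

from copy import deepcopy
from datetime import datetime

# Assumed window in which administrative activity is considered normal (07:00-18:59).
BUSINESS_HOURS = range(7, 19)

# Constructed baseline for one endpoint: what it normally runs, who logs in,
# who is allowed to administer it, and where it normally connects.
BASELINE = {
    "db-client-01": {
        "processes": {"sqlservr.exe", "svchost.exe", "explorer.exe", "outlook.exe"},
        "users": {"jsmith", "SYSTEM"},
        "admins": {"SYSTEM", "itadmin"},
        "destinations": {"10.0.5.20:1433", "10.0.1.10:445"},
    },
}

# Constructed telemetry events, one dict per line of a hypothetical agent feed.
EVENTS = [
    {"host": "db-client-01", "ts": "2014-12-02T09:03:11", "type": "process_start",
     "user": "SYSTEM", "process": "svchost.exe"},
    {"host": "db-client-01", "ts": "2014-12-03T02:14:07", "type": "process_start",
     "user": "jsmith", "process": "updsvc.exe"},                      # never seen before
    {"host": "db-client-01", "ts": "2014-12-03T02:15:40", "type": "net_connect",
     "user": "jsmith", "process": "updsvc.exe", "dest": "203.0.113.45:443"},  # new destination
    {"host": "db-client-01", "ts": "2014-12-03T02:16:02", "type": "user_created",
     "user": "jsmith", "new_user": "svc_backup", "admin": True},       # new admin account
    {"host": "db-client-01", "ts": "2014-12-04T03:30:55", "type": "admin_action",
     "user": "svc_backup", "detail": "bulk export from member database"},
    {"host": "db-client-01", "ts": "2014-12-04T10:05:12", "type": "net_connect",
     "user": "SYSTEM", "process": "sqlservr.exe", "dest": "10.0.5.20:1433"},  # normal
    {"host": "db-client-01", "ts": "2014-12-05T02:14:07", "type": "process_start",
     "user": "jsmith", "process": "updsvc.exe"},                      # repeat, already alerted
]


def detect(events, baseline):
    """Return a list of alerts; each new item is alerted once and then tracked."""
    state = deepcopy(baseline)  # never mutate the trusted baseline itself
    alerts = []

    def alert(ev, rule, detail):
        alerts.append({"host": ev["host"], "ts": ev["ts"], "rule": rule, "detail": detail})

    for ev in events:
        known = state.setdefault(ev["host"], {
            "processes": set(), "users": set(), "admins": set(), "destinations": set()})
        hour = datetime.fromisoformat(ev["ts"]).hour
        kind = ev["type"]

        if kind == "process_start" and ev["process"] not in known["processes"]:
            known["processes"].add(ev["process"])
            alert(ev, "NEW_PROCESS", f"{ev['process']} started by {ev['user']}")
        elif kind == "net_connect" and ev["dest"] not in known["destinations"]:
            known["destinations"].add(ev["dest"])
            alert(ev, "UNUSUAL_DESTINATION", f"{ev['process']} -> {ev['dest']}")
        elif kind == "user_created" and ev["new_user"] not in known["users"]:
            # Track the account so later logins are not re-alerted, but do NOT
            # promote it to the trusted admin set just because it was created with admin rights.
            known["users"].add(ev["new_user"])
            rule = "NEW_ADMIN_ACCOUNT" if ev.get("admin") else "NEW_ACCOUNT"
            alert(ev, rule, f"{ev['new_user']} created by {ev['user']}")
        elif kind == "admin_action":
            if ev["user"] not in known["admins"]:
                alert(ev, "UNAUTHORIZED_ADMIN", f"{ev['user']}: {ev['detail']}")
            if hour not in BUSINESS_HOURS:
                alert(ev, "OFF_HOURS_ADMIN", f"{ev['user']} at {ev['ts']}: {ev['detail']}")
    return alerts


def first_sighting(alerts):
    """Earliest alert by timestamp: the starting point for a patient-zero hunt."""
    first = min(alerts, key=lambda a: a["ts"])
    return first["host"], first["ts"]


if __name__ == "__main__":
    found = detect(EVENTS, BASELINE)
    for a in found:
        print(f"{a['ts']} {a['host']} {a['rule']}: {a['detail']}")
    print("first sighting:", first_sighting(found))
```

Two design points matter for a real deployment: the baseline is copied before use so that an attacker's newly introduced process or destination is alerted on and then tracked for de-duplication without ever becoming "normal" in the trusted baseline, and a freshly created administrative account is deliberately not added to the trusted admin set, so its later actions still trigger the unauthorized-admin rule.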