Written By Justin Tefertiller And Presented By Charles Leaver Ziften CEO
Continuous Endpoint Visibility Would Have Improved Healthcare Data Leakage Prevention
Anthem Inc. discovered a large-scale cyber attack against its IT and data systems on January 29, 2015. The health care data breach is believed to have taken place over a period of several weeks beginning in early December 2014, and it targeted personal data held in Anthem's database infrastructure as well as on endpoint systems. The stolen information included full names, dates of birth, health care identification numbers and Social Security numbers belonging to Anthem customers and employees. The exact number of individuals affected is unknown, but it is estimated that nearly 80 million records were stolen. Health care data is one of the most lucrative commodities for attackers who sell stolen records on the dark market.
Forbes and others report that the attackers used a process-based backdoor on client systems connected to Anthem's databases, combined with compromised administrator accounts and passwords, to gradually siphon off the data. It was the activity of the attackers posing as and operating like administrators that eventually brought the breach to the attention of Anthem's security and IT teams.
This type of attack shows the need for continuous endpoint visibility, because endpoint systems are both a consistent infection vector and a path to the sensitive data stored on any network they connect to. Simple indicators such as never-before-seen processes, newly created user accounts, unusual network connections and unauthorized administrative activity are common calling cards of the early stages of a breach, and each can be readily identified and alerted on with the right monitoring tool. When alerted to these conditions in real time, incident responders can contain the intrusion, identify patient zero and, ideally, mitigate the damage rather than allowing attackers to roam the network unnoticed for weeks.
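To make the four indicators above concrete, here is an added example, written for this page and not taken from the original post or from any Ziften product, of baseline-driven alerting over endpoint telemetry. The baseline (known process images, approved admin accounts and jump hosts, previously observed egress destinations) and the event stream are constructed for illustration; hostnames such as WS0431 and DBHOST01, the account names, and the 203.0.113.45 address are hypothetical. The example also shows one correlation step a responder would want: an administrative action performed by an account that was itself created during the monitored window is escalated, which is the pattern of attackers operating through newly planted admin credentials.

```python
"""Baseline-driven endpoint anomaly alerting (added example, constructed data)."""
from dataclasses import dataclass

# Constructed baseline of what "normal" looks like for this fleet. In practice it
# is learned from weeks of continuous endpoint telemetry, not typed by hand.
BASELINE = {
    "processes": {"svchost.exe", "lsass.exe", "sqlservr.exe", "explorer.exe", "outlook.exe"},
    "admins": {"adm_jdoe", "adm_svc_backup"},      # approved administrative accounts
    "admin_hosts": {"JUMP01"},                       # hosts admin work is allowed to come from
    "egress": {("DBHOST01", 1433), ("WS0431", 443)}, # (host, destination port) pairs seen before
}

# Constructed endpoint telemetry: (ISO timestamp, host, event type, details).
# Deliberately out of order to show that detection sorts by time first.
EVENTS = [
    ("2014-12-02T03:14:05", "WS0431", "process_start", {"image": "svchost.exe", "user": "jsmith"}),
    ("2014-12-02T03:14:07", "WS0431", "process_start", {"image": "update_helper.exe", "user": "jsmith"}),
    ("2014-12-02T03:15:00", "WS0431", "net_connect", {"dest_ip": "203.0.113.45", "dest_port": 8443}),
    ("2014-12-02T03:16:30", "WS0431", "user_create", {"account": "svc_updt", "by": "jsmith"}),
    ("2014-12-03T22:40:00", "DBHOST01", "admin_action", {"user": "svc_updt", "action": "db_export"}),
    ("2014-12-03T22:41:00", "DBHOST01", "net_connect", {"dest_ip": "203.0.113.45", "dest_port": 8443}),
    ("2014-12-03T09:00:00", "DBHOST01", "admin_action",
     {"user": "adm_jdoe", "action": "patch_apply", "src_host": "JUMP01"}),
]


@dataclass(frozen=True)
class Alert:
    rule: str
    severity: str
    ts: str
    host: str
    detail: str


def detect(events, baseline):
    """Run the four indicator rules over time-ordered telemetry and return alerts."""
    alerts = []
    seen_processes = set(baseline["processes"])
    new_accounts = set()  # accounts created inside the monitored window

    for ts, host, kind, d in sorted(events, key=lambda e: e[0]):
        if kind == "process_start":
            # Never-before-seen process image: alert once, on first sighting.
            if d["image"] not in seen_processes:
                seen_processes.add(d["image"])
                alerts.append(Alert("NEW_PROCESS", "medium", ts, host,
                                    f"{d['image']} run by {d['user']}"))
        elif kind == "user_create":
            # Any new account is worth a look; remember it for correlation below.
            new_accounts.add(d["account"])
            alerts.append(Alert("NEW_ACCOUNT", "medium", ts, host,
                                f"{d['account']} created by {d['by']}"))
        elif kind == "net_connect":
            # Egress to a (host, port) pair this host has never used before.
            if (host, d["dest_port"]) not in baseline["egress"]:
                alerts.append(Alert("ODD_CONNECTION", "medium", ts, host,
                                    f"{d['dest_ip']}:{d['dest_port']}"))
        elif kind == "admin_action":
            # Admin activity by an unapproved account or from an unapproved host.
            user = d["user"]
            from_allowed_host = d.get("src_host") in baseline["admin_hosts"]
            if user not in baseline["admins"] or not from_allowed_host:
                # Escalate when the actor is an account planted during the window.
                sev = "high" if user in new_accounts else "medium"
                alerts.append(Alert("UNAUTHORIZED_ADMIN", sev, ts, host,
                                    f"{user} performed {d['action']}"))
    return alerts


def patient_zero(alerts):
    """The host behind the earliest alert is where responders start pulling the thread."""
    return min(alerts, key=lambda a: a.ts).host if alerts else None


if __name__ == "__main__":
    found = detect(EVENTS, BASELINE)
    for a in found:
        print(f"{a.ts} {a.host:9} {a.rule:19} {a.severity:6} {a.detail}")
    print("patient zero:", patient_zero(found))
```

Run against the constructed events, the sanctioned patch applied by adm_jdoe from JUMP01 produces nothing, while the unfamiliar binary on WS0431, its outbound connection on port 8443, the freshly created svc_updt account, that account's database export on DBHOST01 and the matching outbound connection from the database host all fire, and the earliest alert points back to WS0431 as the place to begin the investigation.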