Because the investigation into the attacks has not been closed, the exact number of people who are affected by the attack has not been ?determined.
President and CEO of Anthem John Swedish informed the public about the breach in a statement last week.
“Anthem was the target of a very sophisticated external cyber-attack,” Swedish said. “These attackers gained unauthorized access to Anthem’s IT system and have obtained personal information from our current and former members such as their names, birthdays, medical IDs, Social Security numbers, street addresses, email addresses and employment information.”
According to reports by Bloomberg and the Washington Post, there is evidence to suggest that Chinese, state-sponsored hackers are responsible for the attack.
The news of this attack has caused some to recall the attack on Target in the end of 2013, when credit card information from as many as 40 million people was stolen, and concerns of the security of personal information has come into question.
Since the news of the attack broke, at least four lawsuits have been filed against Anthem, with plaintiffs in California, Georgia, Indiana and Alabama. In Indianapolis, the law firm Cohen and Malad filed a lawsuit on behalf of their client, Karen Meadows, along with anyone else across the country who might have been ?affected.
Sen. Joe Donnelly, D-Ind., offered his concern for Indiana residents whose information was left vulnerable from the attack.
“The Anthem cyber attack is a reminder of the serious threats we face, individually and as a nation, to our cybersecurity,” Donnelly said. “I am concerned about all those in Indiana and around the country whose personal information was ?compromised.”
Professor of Informatics and Director of the Security Informatics Program at IU L. Jean Camp said how one pays for items can help protect oneself from ?cyberattacks.
“The way to protect yourself in a breach such as Target is to use a credit card, and not a debit card,” Camp said. “The information leaked by Anthem includes more information on individuals as compared to that lost to Target. ... Recovering from the loss of information that is used to obtain credit is more difficult than recovering from the loss of a credit card.”
Anthem has hired Mandiant, a leading cybersecurity firm based out of Indianapolis, to assess the state of their systems and propose solutions for the future of their networks. The managing director of Mandiant, Dave Damato, released details on their assessment.
“Normally, we have no leads, but (Anthem) had their own internal incident response team,” Damato said in an interview Thursday with SC Magazine, which writes about cybersecurity and information. “Any passwords that were affected by the breach were reset, (and they began) blocking traffic associated with the attacker and removing any compromised systems.”
Indiana Attorney General Greg Zoeller released a statement and urged Indiana residents who might have been affected by the attack to enroll in credit freeze programs to ensure the safety of their credit information.
“Companies that hold consumers’ personal information have an especially important obligation to protect that stored data from theft or intrusion,” Zoeller said in a press release. “The Office of the Indiana Attorney General as the state’s consumer protection agency will continue to monitor this situation in conjunction with our law enforcement colleagues with an emphasis on putting consumers first.”
Kami Vaniea, a professor in the School of Informatics and Computing, is an expert in human-computer interaction and security and privacy applications.
“Building systems that are impervious to attack is very challenging given the complexities of today’s software,” Vaniea said. “However, there are many things companies can do to limit the damage to consumers, such as encrypting information, hashing passwords and moving older records into more secure backup servers.”
Unconfirmed reports have said the information that Anthem was storing was not encrypted.
A member of the Senate Intelligence Committee, Sen. Dan Coats, R-Ind., has made statements in regards to the attack and what Hoosiers should be doing to protect themselves in the future.
“Neither industry nor government alone can broadly improve our nation’s cybersecurity, and Congress must renew its commitment to address the wide range of issues posed by cyber threats through targeted legislation,” Coats said in a press release.
