Written By Justin Tefertiller And Presented By Charles Leaver Ziften CEO
Continuous Endpoint Visibility Would Have Improved Healthcare Data Leak Avoidance
Anthem Inc discovered a large-scale cyber attack on January 29, 2015 against its data and IT systems. The healthcare data leak is believed to have taken place over a multi-week period beginning around early December 2014 and targeted personal data on Anthem’s database infrastructure as well as endpoint systems. The stolen information included dates of birth, full names, healthcare identification numbers and even social security numbers of customers and Anthem staff members. The exact number of people affected by the breach is unknown, but it is estimated that almost 80 million records were stolen. Healthcare data tends to be among the most lucrative sources of income for hackers selling records on the dark market.
Forbes and others report that the adversaries used a process-based backdoor on clients connected to Anthem databases, in addition to compromised admin accounts and passwords, to slowly steal the data. The actions taken by the hackers while posing as and operating as administrators are exactly what eventually brought the breach to the attention of the security and IT teams at Anthem.
This kind of attack illustrates the need for continuous endpoint visibility, as endpoint systems are a constant infection vector and an avenue to sensitive data stored on any network they might connect to. Simple indicators such as never-before-seen processes, new user accounts, unusual network connections, and unauthorized administrative activity are typical calling cards of the onset of a breach and can be quickly recognized and alerted on with the right monitoring tool. When alerted to these conditions in real time, incident responders can contain the intrusion, find patient zero, and ideally mitigate the damage rather than allowing attackers to roam around the network unnoticed for weeks.
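The four indicators listed above (new processes, new accounts, unusual network connections, unauthorized admin activity) are easy to turn into baseline-driven detection rules. The following is an added example written for this post, not Ziften's product code or anything from Anthem's environment; the event fields, the baseline format, the host name and the telemetry lines are all constructed for illustration. It runs a small per-host baseline over a constructed stream of endpoint events and emits one alert per new finding, which is the kind of real-time notification the paragraph describes.

```python
"""Baseline-driven endpoint anomaly detection over constructed telemetry.

Added example, not the post's or Ziften's code. The event shape, baseline
fields, host names and addresses are assumptions made for this illustration.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Baseline:
    """What 'normal' looks like for a database client endpoint (assumed)."""
    known_processes: set      # process names seen during the learning period
    known_accounts: set       # local/domain accounts expected on this host
    known_destinations: set   # "ip:port" endpoints the host normally talks to
    admin_accounts: set       # accounts allowed to perform admin actions


BASELINE = Baseline(
    known_processes={"sqlservr.exe", "svchost.exe", "explorer.exe", "ssms.exe"},
    known_accounts={"dba_alice", "svc_backup"},
    known_destinations={"10.0.5.20:1433", "10.0.5.21:1433"},
    admin_accounts={"dba_alice"},
)

# Constructed telemetry for a single database client; not real data.
EVENTS = [
    {"host": "db-client-07", "type": "process_start", "name": "sqlservr.exe", "user": "svc_backup"},
    {"host": "db-client-07", "type": "process_start", "name": "updsvc.exe", "user": "svc_backup"},
    {"host": "db-client-07", "type": "user_create", "user": "sysadmin2"},
    {"host": "db-client-07", "type": "admin_action", "user": "sysadmin2", "action": "add_to_local_admins"},
    {"host": "db-client-07", "type": "net_connect", "dest": "10.0.5.20:1433", "user": "svc_backup"},
    {"host": "db-client-07", "type": "net_connect", "dest": "203.0.113.45:443", "user": "sysadmin2"},
    {"host": "db-client-07", "type": "net_connect", "dest": "203.0.113.45:443", "user": "sysadmin2"},
]


def detect(events, baseline):
    """Return a list of alerts, one per (host, rule, detail) first seen.

    Repeated occurrences of the same finding are suppressed so a noisy
    beacon does not flood the responder with duplicate alerts.
    """
    alerts = []
    seen = defaultdict(set)  # rule -> set of (host, detail) already alerted

    def raise_once(rule, host, detail, user):
        key = (host, detail)
        if key in seen[rule]:
            return
        seen[rule].add(key)
        alerts.append({"host": host, "rule": rule, "detail": detail, "user": user})

    for ev in events:
        host, kind, user = ev["host"], ev["type"], ev.get("user")
        if kind == "process_start" and ev["name"] not in baseline.known_processes:
            raise_once("new_process", host, ev["name"], user)
        elif kind == "user_create" and user not in baseline.known_accounts:
            raise_once("new_account", host, user, user)
        elif kind == "admin_action" and user not in baseline.admin_accounts:
            raise_once("unauthorized_admin_action", host, ev["action"], user)
        elif kind == "net_connect" and ev["dest"] not in baseline.known_destinations:
            raise_once("new_destination", host, ev["dest"], user)
    return alerts


def summarize(alerts):
    """Group alert counts by host so a responder can see where to start."""
    per_host = defaultdict(int)
    for a in alerts:
        per_host[a["host"]] += 1
    return dict(per_host)


if __name__ == "__main__":
    for a in detect(EVENTS, BASELINE):
        print(f"[{a['host']}] {a['rule']}: {a['detail']} (user={a['user']})")
    print(summarize(detect(EVENTS, BASELINE)))
```

Running this over the constructed events yields four alerts on `db-client-07`: an unknown process, a newly created account, an admin action by an account outside the admin allowlist, and a connection to a never-seen destination, with the second identical connection suppressed. In practice the baseline would be learned per host over a quiet period and refreshed as change management approves new software and accounts.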