Chinese citizen indicted in Anthem hack of records of 80M

A Chinese citizen was indicted for aiding a massive 2015 computer hack at health insurer Anthem, one of the biggest thefts of consumer medical data in U.S. history.

The four-count indictment unsealed Thursday in Indianapolis, where Anthem is based, accuses Fujie Wang, 32, of helping a hacking group in China infiltrate the computer systems of Anthem and three other U.S. businesses that aren’t identified in the case, ultimately gaining access to personal information on nearly 80 million people at Anthem alone.

Wang, who is at large, and another defendant, identified only as John Doe, drained Anthem’s computer network of customers’ names, health identification numbers, dates of birth, Social Security numbers, income data and other personal information, according to the indictment.

Anthem-logo-CROP.jpg
Signage is displayed on the exterior of an Anthem Inc. Blue Cross Blue Shield office building in Wallingford, Connecticut, U.S., on Tuesday, Nov. 22, 2016. Photographer: Michael Nagle/Bloomberg

The pair allegedly used “extremely sophisticated” techniques to carry out the hack, including sending “spear phishing” emails with embedded hyperlinks to employees, the U.S. said. If the victims clicked on the links, a file was downloaded that would deploy malware to install a “back door” for remote access. After information was collected, the defendants placed it in encrypted files and sent it through multiple computers to destinations in China, according to the indictment.

The U.S. said they worked slowly throughout 2014 to avoid detection and gain incremental access to the computer networks.

“Defendants sometimes patiently waited months before taking further action, quietly maintaining access” to the victims’ networks, according to the indictment.

“The cyberattack of Anthem not only caused harm to Anthem, but also impacted tens of millions of Americans,” U.S. Attorney Josh Minkler said in a statement. “This wanton violation of privacy will not stand, and we are committed to bringing those responsible to justice.”

The Anthem theft followed security breaches at companies including Target, Home Depot and JPMorgan Chase that affected the private data of hundreds of millions of Americans and increased pressure on the U.S. government to respond more forcefully.