Written By Justin Tefertiller And Presented By Chuck Leaver Ziften CEO
Continuous Endpoint Visibility Would Have Improved Healthcare Data Leakage Prevention
Anthem Inc. discovered a large-scale cyber attack against its data and IT systems on January 29, 2015. The healthcare data leakage is believed to have taken place over a period of several weeks starting in early December 2014, and it targeted personal data held on Anthem's database infrastructure as well as on endpoint systems. The stolen information included dates of birth, full names, healthcare identification numbers and even social security numbers of Anthem customers and employees. The exact number of people affected by the breach is unknown, but it is estimated that nearly 80 million records were taken. Healthcare data tends to be among the most lucrative sources of income for attackers selling records on the dark market.
Forbes and others report that the attackers used a process-based backdoor on client systems connected to Anthem's databases, combined with compromised administrator accounts and passwords, to exfiltrate the data slowly over time. The actions taken by the attackers while posing as administrators and operating under those accounts are what ultimately brought the breach to the attention of Anthem's security and IT teams.
This kind of attack shows the need for continuous endpoint visibility, because endpoint systems are a constant infection vector and an open door to sensitive data stored on any network they connect to. Simple signals such as never-before-seen processes, newly created user accounts, unusual network connections, and unauthorized administrative activity are typical calling cards of the onset of a breach, and they can be quickly identified and alerted on given the right monitoring tool. When alerted to these conditions in real time, incident responders can pounce on the intrusion, find patient zero, and hopefully limit the damage instead of allowing attackers to roam the network unnoticed for weeks.
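To make the four "calling cards" above concrete, here is an added example of baseline-driven detection logic run over constructed endpoint telemetry. It is not Ziften's product code and not Anthem's logs: the hostnames, accounts, process names, IP addresses and timestamps are all made up for illustration, and the event shape is a simplified stand-in for what an endpoint agent would stream. The checks are deliberately the plain ones the paragraph names: first execution of an unknown binary, creation of an account not in the baseline, any grant of local administrator rights or privileged logon by an account not on the authorized list, and outbound connections to destinations the baseline has never seen. The earliest alerting host is reported as the starting point for a patient-zero hunt.

```python
"""Added example (not Ziften's or Anthem's code): baseline checks over
constructed endpoint telemetry for the four indicators named in the text."""
from collections import Counter

# Constructed baseline: what the fleet is expected to run, who may hold
# admin rights, and where hosts are expected to connect (an internal DB pair).
BASELINE = {
    "known_processes": {"svchost.exe", "sqlservr.exe", "outlook.exe", "chrome.exe"},
    "known_accounts": {"jsmith", "dba_svc", "backup_svc"},
    "authorized_admins": {"dba_svc"},
    "known_destinations": {"10.0.5.20", "10.0.5.21"},
}

# Constructed telemetry, sorted by timestamp as an agent would stream it.
EVENTS = [
    {"ts": "2014-12-03T09:12:00Z", "host": "ws-0412", "type": "process_start", "user": "jsmith", "process": "chrome.exe"},
    {"ts": "2014-12-03T09:15:00Z", "host": "ws-0412", "type": "process_start", "user": "jsmith", "process": "updater.exe"},
    {"ts": "2014-12-03T09:16:00Z", "host": "ws-0412", "type": "network_connect", "user": "jsmith", "process": "updater.exe", "dst": "203.0.113.9", "dport": 443},
    {"ts": "2014-12-04T02:30:00Z", "host": "db-01", "type": "logon", "user": "dba_svc", "admin": True},
    {"ts": "2014-12-04T02:31:00Z", "host": "db-01", "type": "account_created", "user": "dba_svc", "new_user": "svc_backup2"},
    {"ts": "2014-12-04T02:32:00Z", "host": "db-01", "type": "group_add", "user": "dba_svc", "member": "svc_backup2", "group": "Administrators"},
    {"ts": "2014-12-05T14:00:00Z", "host": "db-01", "type": "logon", "user": "svc_backup2", "admin": True},
    {"ts": "2014-12-05T14:05:00Z", "host": "db-01", "type": "network_connect", "user": "svc_backup2", "process": "sqlservr.exe", "dst": "203.0.113.9", "dport": 443},
]


def detect(events, baseline):
    """Run each event through the four baseline checks and return alerts in
    event order. A process or account alerts only the first time it appears,
    so a noisy but legitimate rollout produces one alert, not thousands."""
    seen_processes = set(baseline["known_processes"])
    known_accounts = set(baseline["known_accounts"])
    alerts = []

    def alert(ev, rule, detail):
        alerts.append({"ts": ev["ts"], "host": ev["host"], "rule": rule, "detail": detail})

    for ev in events:
        kind = ev["type"]
        if kind == "process_start" and ev["process"] not in seen_processes:
            # First execution of a binary the fleet has never run before.
            seen_processes.add(ev["process"])
            alert(ev, "new_process", f"{ev['process']} first seen, launched by {ev['user']}")
        elif kind == "account_created" and ev["new_user"] not in known_accounts:
            known_accounts.add(ev["new_user"])
            alert(ev, "new_account", f"{ev['new_user']} created by {ev['user']}")
        elif kind == "group_add" and ev["group"] == "Administrators":
            # Any grant of local admin is a privilege change that deserves review.
            alert(ev, "admin_activity", f"{ev['member']} added to Administrators by {ev['user']}")
        elif kind == "logon" and ev.get("admin") and ev["user"] not in baseline["authorized_admins"]:
            alert(ev, "admin_activity", f"privileged logon by unauthorized account {ev['user']}")
        elif kind == "network_connect" and ev["dst"] not in baseline["known_destinations"]:
            detail = f"{ev['process']} -> {ev['dst']}:{ev['dport']} by {ev['user']}"
            if ev["process"] not in baseline["known_processes"]:
                detail += " (initiating process is not in baseline)"
            alert(ev, "odd_network", detail)
    return alerts


def patient_zero(alerts):
    """Earliest alerting host and time: the first place to look for the foothold.
    ISO-8601 UTC timestamps sort correctly as strings."""
    if not alerts:
        return None
    first = min(alerts, key=lambda a: a["ts"])
    return first["host"], first["ts"]


def summarize(alerts):
    """Count of alerts per rule, useful for a quick triage view."""
    return Counter(a["rule"] for a in alerts)


if __name__ == "__main__":
    found = detect(EVENTS, BASELINE)
    for a in found:
        print(f"{a['ts']} {a['host']:8} {a['rule']:15} {a['detail']}")
    print("patient zero:", patient_zero(found))
```

Run against the constructed events, the workstation's unknown `updater.exe` and its outbound connection fire first, a day before the new account, the Administrators grant, the unauthorized privileged logon and the database host's own outbound connection, so the patient-zero hunt starts at the workstation rather than at the database server where the data actually left. In a real deployment the baseline would be learned per host over a quiet period and the destination check would also consult threat intelligence, but the shape of the logic stays the same.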