Written By Justin Tefertiller And Presented By Chuck Leaver Ziften CEO
Continuous Endpoint Visibility Would Have Improved Healthcare Data Leakage Prevention
Anthem Inc. discovered a large-scale cyber attack against its data and IT systems on January 29, 2015. The health care data leakage is believed to have taken place over a number of weeks, beginning around early December 2014, and targeted individuals' data on Anthem's database infrastructure as well as on endpoint systems. The stolen details included dates of birth, full names, health care identification numbers, and Social Security numbers of customers and Anthem staff members. The exact number of individuals affected by the breach is unknown, but it is estimated that almost 80 million records were taken. Health care data tends to be among the most profitable sources of income for hackers selling records on the dark market.
Forbes and others report that the attackers used a process-based backdoor on clients connected to Anthem databases, along with compromised admin accounts and passwords, to gradually take the data. The actions the hackers took while posing and operating as administrators are what eventually brought the breach to the attention of the security and IT teams at Anthem.
This type of attack illustrates the need for continuous endpoint visibility, as endpoint systems are a constant infection vector and an avenue to sensitive data stored on any network they connect to. Simple things like never-before-seen processes, new user accounts, odd network connections, and unapproved administrative activity are typical calling cards of the start of a breach, and they can be quickly identified and alerted on with the right monitoring tool. When alerted to these conditions in real time, incident responders can catch the intrusion, find patient zero, and hopefully reduce the damage rather than allowing hackers to roam the network unnoticed for weeks.
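The four indicators named above can be expressed as a first-seen check against a per-host baseline. The following is an added example, not code from Ziften or from the original article; the event schema, host names, account names and addresses are constructed assumptions.

```python
# Assumed event schema: which field names "the thing seen" for each event type.
KEY_FIELDS = {"process": "image", "account": "user",
              "net_conn": "remote", "admin_action": "user"}

def build_baseline(events):
    """Collect every (host, type, value) observed during the learning window."""
    return {(e["host"], e["type"], e[KEY_FIELDS[e["type"]]]) for e in events}

def detect(events, baseline, approved_admins):
    """Return alerts for first-seen values and unapproved administrative activity."""
    alerts, seen = [], set(baseline)  # copy: the caller's baseline is not mutated
    for e in events:
        value = e[KEY_FIELDS[e["type"]]]
        key = (e["host"], e["type"], value)
        if e["type"] == "admin_action" and value not in approved_admins:
            alerts.append((e["ts"], e["host"], "unapproved_admin", value))
        elif key not in seen:
            alerts.append((e["ts"], e["host"], "first_seen_" + e["type"], value))
        seen.add(key)  # a new value alerts once, not on every repeat
    return alerts

# Constructed sample data; hosts, names and addresses are illustrative only.
LEARNING = [
    {"ts": 1, "host": "ws-01", "type": "process", "image": "winword.exe"},
    {"ts": 2, "host": "ws-01", "type": "account", "user": "alice"},
    {"ts": 3, "host": "ws-01", "type": "net_conn", "remote": "10.0.0.5"},
    {"ts": 4, "host": "ws-01", "type": "admin_action", "user": "it-admin"},
]
LIVE = [
    {"ts": 10, "host": "ws-01", "type": "process", "image": "winword.exe"},
    {"ts": 11, "host": "ws-01", "type": "process", "image": "updsvc.exe"},
    {"ts": 12, "host": "ws-01", "type": "account", "user": "svc-temp"},
    {"ts": 13, "host": "ws-01", "type": "net_conn", "remote": "203.0.113.7"},
    {"ts": 14, "host": "ws-01", "type": "admin_action", "user": "svc-temp"},
    {"ts": 15, "host": "ws-01", "type": "process", "image": "updsvc.exe"},
]

def run_demo():
    return detect(LIVE, build_baseline(LEARNING), approved_admins={"it-admin"})

if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

Sorting the alerts by timestamp and taking the earliest host is a simple first step toward locating patient zero.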