OPSWAT comments on Anthem Inc data breach
February 2015 by OPSWAT
Anthem, the US’ second largest health insurer, with about 70 million customers, has suffered a data breach. Please see below for comments by Mike Spykerman, Vice President of Product Management at OPSWAT :
"Though this is now said to be the largest data breach in the health care industry, unfortunately it is unlikely to be the last. No details are available yet about how the breach at Anthem occurred, however from other breaches we have learnt that often the security is breached by a targeted spear phishing email attack that is used to plant malware or to entice the recipient to provide credentials that can then be used to gain access to systems. The breach could occur at the company itself, but we have also seen breaches where the actual attack occurred at a supplier through which access was gained to the company’s procurement system.
Anthem should be commended for notifying the FBI so promptly about the breach. Fast and appropriate action could mean that the attackers have not yet been able to cover their tracks.
In order to protect against targeted email attacks, a multi-layered approach is recommended. Conventional email security systems need to be reinforced by implementing an antimalware solution that uses multiple antivirus engines to scan email attachments, greatly increasing the likelihood that malware is detected, as well as countering threats targeted to bypass a specific engine’s detection capabilities. Document sanitization, where files are converted to a different format and any embedded scripts are removed, acts as another security layer by defusing any possible hidden threats in email attachments that might go undetected by antivirus engines. Employee training on how to detect phishing attacks is also highly recommended, although it is important to be aware that spear phishing attacks are becoming more and more sophisticated and can fool even the most tech-savvy employees."