The hackers are thought to have used a sophisticated malicious software program that gave them access to the login credentials of an Anthem employee. Although that employee, a Senior Database Administrator, by chance noticed someone was using his login credentials, some are reporting that the hackers may have been on the network for at least 60 days prior to the February 5 breach announcement.
"All cybercrime is an inside job, because the criminals are able to penetrate a database from the outside and act as an insider in gaining access to data, which is what occurred in the Anthem breach."
- Forrester analyst

How to detect hackers posing as insiders? Static rules approaches such as "whether access behavior is typical of a user in that role, that job title, or that geographic location" aren’t sufficient and generate massive numbers of rabbit holes. What’s needed is Identity Access Intelligence (IAI) which applies patent-pending behavioral clustering analytics to user and patient activity. This allows the data itself to reveal which activities are legitimate and which are the very few instances of real hacker activity.
For more information see www.Veriphyr.com

Sources:
(a) Anthem Hacking Points to Security Vulnerability of Health Care Industry - www.NewYorkTimes.com, 02/06/2015