Monday, February 9, 2015

Anthem Data Breach: Hacker as Insider? Calls for IAI Approach

There have been numerous news items covering the breach of 80 million patients’ personally identifiable information (PII) at Anthem, one of the largest health insurers. Increasingly the articles indicate the hacker may have taken over at least one insider’s account to enable the identity thefts.

The hackers are thought to have used a sophisticated malicious software program that gave them access to the login credential of an Anthem employee. Although that employee, a Senior Database Administrator, by chance noticed someone was using his login credentials, some are reporting that the hackers may have been on the network for at least 60 days prior to the February 5 breach announcement.

"All cybercrime is an inside job, because the criminals are able to penetrate a database from the outside and act as an insider in gaining access to data, which is what occurred in the Anthem breach."
- Forrester analyst
How to detect hackers posing as insiders? Static rules approaches such as "whether access behavior is typical of a user in that role, that job title, or that geographic location" aren’t sufficient and generate massive numbers of rabbit holes. What’s needed is Identity Access Intelligence (IAI) which applies patent-pending behavioral clustering analytics to user and patient activity. This allows the data itself to reveal which activities are legitimate and which are the very few instances of real hacker activity.
For more information see
(a) Anthem Hacking Points to Security Vulnerability of Health Care Industry -, 02/06/2015

No comments:

Popular Posts

Copyright © 2010-2017 by Veriphyr Incorporated, All Rights Reserved.

Contact us at