Anthem cyberattack renews calls for info sharing

Wikimedia image: Michael Thomas McCaul, Sr. (U.S. Representative for Texas's 10th congressional district)

House Homeland Security Chairman Michael McCaul said Congress needs to move cybersecurity information-sharing legislation "as soon as possible."

Anthem Inc., one of the country's biggest health insurers, has been hit by a major cyberattack that could affect millions of its customers and employees. As news of the large-scale hack broke late Feb. 4, it was already having a ripple effect on Capitol Hill, with a top lawmaker calling on Congress to pass information-sharing legislation in response.

Hackers stole personal information from current and former Anthem members, including Social Security numbers, street and email addresses, and income data, the insurer said a statement that described the hack as "very sophisticated." The firm said it had seen no evidence that credit card or medical information was compromised.

The hackers penetrated an Anthem database housing the personal information of 80 million Anthem customers and employees, the Wall Street Journal reported.

In a statement, the FBI said it was investigating the Anthem hack and praised the company’s swift response. 

"Anthem’s initial response in promptly notifying the FBI after observing suspicious network activity is a model for other companies and organizations facing similar circumstances," said the bureau.

"Rapid notification allows the FBI to quickly deploy our cyber experts to preserve evidence and work with a company's incident responders to help them remediate their networks and rid their systems of harmful malware," the statement said.

Rumblings on the Hill

A key lawmaker quickly took notice of the cyberattack on Anthem.

"This attack is another reminder of the persistent threats we face, and the need for Congress to take aggressive action to remove legal barriers for sharing cyber threat information," said Texas Republican Michael McCaul, chairman of the House Homeland Security Committee. "I will lead this effort with other committees in the House and Senate to ensure we move forward with greatly needed cybersecurity legislation as soon as possible."

President Barack Obama is reportedly set to announce executive action to encourage the private sector to share cyber threat information with the Department of Homeland Security’s National Cybersecurity and Communications Integration Center.

Breach notification proposal 

By any standard, Anthem acted quickly in reporting the breach to customers and the public just days after it occurred. State laws vary widely about when notification should take place, and how much time firms should have before disclosing the theft of personally identifiable information.

The Obama administration recently came out in support of a national data breach standard that includes a requirement to notify customers within 30-days of a breach. The Senate Commerce Subcommittee on Consumer Protection, Product Safety, Insurance, and Data Security held a hearing Feb. 5 to discuss what a national standard might look like and whether federal rules should preempt state regulations in those states which maintain stringent breach notification standards.

"Just this morning we woke up to news of what experts are calling the largest health care breach to date," said Sen. Jerry Moran (R-Kan.), the subcommittee chairman.  He sounded a hopeful note for action on a national standard. "The president's support along with bipartisan and bicameral congressional interest has renewed optimism among stakeholders that congress can develop a balanced and thoughtful approach with legislation in the near term," he said.

No apparent impact on

The cyberattack on Anthem put hackers inside a network with connections to government systems including and, where enrollment and payments are processed. A CMS spokesperson told FCW that "while there is no indication at this time that the attack against Anthem has impacted or, we remain vigilant in responding to cybersecurity events."

Ahead of the current open enrollment season, which began in November 2014 and closes Feb. 15, CMS invested in new detection tools, and in its cyber response, as well as adding to its cybersecurity team, a spokesperson said. To date, according to CMS, no personally identifiable information has been accessed or stolen by hackers or others with malicious intent from or

Outside help

Like Sony Pictures Entertainment after it was hacked last November, Anthem has hired cybersecurity firm Mandiant to help investigate the hack.

Anthem already had a good idea of the data stolen before hiring Mandiant a few days ago, said David Damato, managing director of Mandiant's parent firm FireEye Inc. He said it was unusual for a firm to have that level of forensics detection before an investigation begins.

Mandiant's team is working alongside the FBI, feeding malware and IP addresses to the agents to check against "their intelligence and give us some initial indication on the context," said Damato, who spoke to FCW from Anthem's war room for dealing with the hack, at its Indianapolis headquarters. He said the malware found on Anthem’s network was sophisticated, customized and not publicly available.

Damato said it was too early to say whether, given the sophistication of the malware, a nation-state was behind the hack.

In August, the FBI formally warned the health care industry that hackers were targeting companies for intellectual property and possibly personal information like the kind stolen from Anthem, according to a Reuters report.

About the Authors

Sean Lyngaas is a former FCW staff writer.

Adam Mazmanian is executive editor of FCW.

Before joining the editing team, Mazmanian was an FCW staff writer covering Congress, government-wide technology policy and the Department of Veterans Affairs. Prior to joining FCW, Mazmanian was technology correspondent for National Journal and served in a variety of editorial roles at B2B news service SmartBrief. Mazmanian has contributed reviews and articles to the Washington Post, the Washington City Paper, Newsday, New York Press, Architect Magazine and other publications.

Click here for previous articles by Mazmanian. Connect with him on Twitter at @thisismaz.


  • Workforce
    White House rainbow light shutterstock ID : 1130423963 By zhephotography

    White House rolls out DEIA strategy

    On Tuesday, the Biden administration issued agencies a roadmap to guide their efforts to develop strategic plans for diversity, equity, inclusion and accessibility (DEIA), as required under a as required under a June executive order.

  • Defense
    software (whiteMocca/

    Why DOD is so bad at buying software

    The Defense Department wants to acquire emerging technology faster and more efficiently. But will its latest attempts to streamline its processes be enough?

Stay Connected