It was announced recently that Anthem, Inc. had been victim to a cyber-related breach. Anthem has been collaborating with the HITRUST Cyber Threat Intelligence and Incident Coordination Center (C3) since initial discovery of suspicious activity on its network, including sharing of various indicators of compromise (IOCs) consisting of MD5 hashes, IP addresses, and threat actor email addresses.
This crucial observable information was anonymously shared with the HITRUST C3 Community, through the automated threat exchange. It was quickly determined that the IOCs were not found by other organizations across the industry and this attack was targeted at a specific organization.
Upon further investigation and analysis it is believed to be a targeted advanced persistent threat (APT) actor. With that information, HITRUST determined it was not necessary to issue a broad industry alert.
As additional information becomes available, Anthem has committed to continue to work with the HITRUST C3 to disseminate any findings and lessons learned that can help other organizations better prepare and respond to these type of cyber incidents.
HITRUST will publish threat reports on the topic and facilitate industry discussion through the HITRUST C3.
We believe that Anthem’s adoption of strong information security controls, comprehensive assessment process, participation in cyber preparedness exercises and cyber threat information sharing were crucial in their ability to detect, analyze, remediate and collaborate swiftly and effectively.