2 Chinese men indicted in health insurer hack

Associated Press

INDIANAPOLIS

A federal grand jury has indicted two members of an “extremely sophisticated” hacking group operating from China in the 2014-2015 theft of the personal information of nearly 79 million customers of insurer Anthem Inc., the biggest known health care hack in U.S. history.

The Justice Department said the two also hacked three other U.S.-based companies it did not name, one in the technology sector, the others in basic materials and communications.

The indictment unsealed Thursday alleges Fujie Wang, a 32-year-old who goes by the Western name “Dennis,” and a man with three listed aliases identified as John Doe stole data including names, birthdates, Social Security numbers and medical IDs, first accessing Anthem’s network in May 2014.

Their access was not terminated until January 2015 after they were detected, the indictment says.

Indianapolis-based Anthem, the nation’s second-largest health insurer, agreed last October to pay the government a record $16 million to settle potential privacy violations.

Anthem said in a statement that it was “pleased” with the indictment and stressed that “there is no evidence that information obtained through the 2015 cyberattack targeting Anthem has resulted in fraud.”

Alex Holden, founder and chief information security officer of the cybersecurity firm Hold Security, said there is no credible evidence any of the stolen data was ever put up for sale for use in identity theft. He said the Anthem data would be much more potent “on a state-sponsored level” for purposes of espionage than it would be in private hands.