Cygilant Blog

Anthem Data Breach – Did it really start in April 2014?

Posted by Security Steve on Feb 27, 2015

It’s been a rough couple of weeks for Anthem as they remain in a constant loop of bad news. Clearly this will continue to stay newsworthy as the investigation deepens and the fallout continues. As we talked about last time, the data the hackers stole includes names, birthdays, Social Security numbers, street and email addresses, and medical IDs. Also included in the data leak are employment information and income. And as the headlines suggest, the cost of the data breach is likely to exceed $100 million.


“Cost of Anthem's data breach likely to exceed $100 million.” - CNET

“Are The Data Breaches At Anthem And CHS Linked?” - Forbes

“Anthem's response to breach doesn't inspire confidence.” - Los Angeles Times

“Class action lawsuit filed in San Diego against Anthem.” - 10NEWS


But aside from those disturbing facts, what we found most concerning are the reports that the attackers may have first gained a foothold in April 2014, a full NINE months before the company says it discovered the intrusion. How can that be? NINE months? Where was the breakdown? Well, it may take months for the investigation to resolve, but we think that one thing is clear: there is a ridiculous gap between the time it takes for a hacker to compromise a target and the length of time that typically passes before the victim figures out they’ve been had.


Take, for example, this very telling statistic included in Verizon’s 2014 Data Breach Investigations Report, which graphically shows the difference between the “time to compromise” and the “time to discovery.” The bottom line here is that the gap is not improving, but instead is widening.

[Image: EiQ graph]

With that in mind, what should companies do? How can critical IT assets be protected and compliance requirements be met? The answer is Security Control Monitoring, so that companies can proactively detect and address security control gaps to lower information security risk. This is the value of SecureVue’s ThreatVue® add-on module, which helps improve security posture by continuously auditing the network against critical security controls like those recommended by SANS.

Tags: Cybercrime, Healthcare, Continuous Security Monitoring
