ADVERTISEMENT

Chinese Citizen Indicted Over Hack of 80 Million Medical Records

The U.S. said they worked slowly throughout 2014 to avoid detection and gain incremental access to the computer networks.

Chinese Citizen Indicted Over Hack of 80 Million Medical Records
The Anthem Inc. Anthem Anywhere application is seen in the App Store on an Apple Inc. iPhone displayed for a photograph in Washington, D.C., U.S. (Photographer: Andrew Harrer/Bloomberg)

(Bloomberg) -- A Chinese citizen was indicted for aiding a massive 2015 computer hack at health insurer Anthem Inc., one of the biggest thefts of consumer medical data in U.S. history.

The four-count indictment unsealed Thursday in Indianapolis, where Anthem is based, accuses Fujie Wang, 32, of helping a hacking group in China infiltrate the computer systems of Anthem and three other U.S. businesses that aren’t identified in the case, ultimately gaining access to personal information on nearly 80 million people at Anthem alone.

Wang, who is at large, and another defendant, identified only as John Doe, drained Anthem’s computer network of customers’ names, health identification numbers, dates of birth, Social Security numbers, income data and other personal information, according to the indictment.

The pair allegedly used “extremely sophisticated” techniques to carry out the hack, including sending “spearfishing” emails with embedded hyperlinks to employees, the U.S. said. If the victims clicked on the links, a file was downloaded that would deploy malware to install a “back door” for remote access. After information was collected, the defendants placed it in encrypted files and sent it through multiple computers to destinations in China, according to the indictment.

The U.S. said they worked slowly throughout 2014 to avoid detection and gain incremental access to the computer networks.

“Defendants sometimes patiently waited months before taking further action, quietly maintaining access” to the victims’ networks, according to the indictment.

“The cyber attack of Anthem not only caused harm to Anthem, but also impacted tens of millions of Americans,” U.S. Attorney Josh Minkler said in a statement. “This wanton violation of privacy will not stand, and we are committed to bringing those responsible to justice.”

The Anthem theft followed security breaches at companies including Target Corp., Home Depot Inc. and JPMorgan Chase & Co. that affected the private data of hundreds of millions of Americans and increased pressure on the U.S. government to respond more forcefully.

To contact the reporter on this story: Erik Larson in New York at elarson4@bloomberg.net

To contact the editors responsible for this story: David Glovin at dglovin@bloomberg.net, Peter Jeffrey, Steve Stroth

©2019 Bloomberg L.P.