However – there is one small piece of information that makes this hack a lot more understandable.
What is that small piece of information?
It is that most of the three-letter U.S. Government agencies have their employees insured through Anthem’s Blue Cross Blue Shield. Wow – the whole thing makes a LOT more sense now!
You see, the Chinese now have the identities of all the people fighting them, and can use this in a multitude of social engineering scenarios.
It is no small wonder that so many people in the U.S. Government have steam coming out of their ears about the Anthem hack.
This may well be why last Friday President Obama signed an executive order that will nudge private companies to share data about cybersecurity threats with each other and with the federal government.
Apart from the cost of the Anthem data breach, which is likely to smash the $100M barrier, it’s rather surprising that Anthem did not encrypt Social Security numbers, a failure that allowed wholesale identity theft of thousands of American cyber-warriors.
Do you still wonder why hackers are going after healthcare records these days?
They are much more valuable because they stay active for many months after a hack, as opposed to credit card numbers, which quickly get cancelled after a few days.
As Anthem is a healthcare company, you would expect them to take HIPAA compliance very seriously, and to have best practices for IT security in place – maybe even far more than the basic required level of IT controls. What this tells us is that mere compliance does not equal security – all it does is establish a baseline.
If you were potentially affected in the Anthem attack – we suggest you CALL them – because their front-facing website appears to have no mention of the hack whatsoever. Of course, they may have something once you log in, but we recommend calling them, and recording the phone call.
Anthem FAQ – no mention of hack – this comes at a time when attorneys general across the country openly accuse Anthem of NOT notifying their customers that their data has been hacked. Failure to notify customers in some states comes with heavy penalties. Read more about attorneys general attacking Anthem for failure to notify.
We understand that Anthem has selected an Identity Theft package for affected customers – as detailed in this Forbes.com article.