Cyberattack on OPM may be linked to Anthem, Premera breaches
A cybersecurity attack on data systems at the U.S. Office of Personnel Management, which compromised information of about 4 million federal employees, is being linked to similar incidents at health payers Anthem and Premera.
OPM announced last week that it discovered the incident in April because of an effort to update its cybersecurity capabilities. The incident predates the adoption of new security controls, the agency said.
OPM and the U.S. Department of Homeland Security's U.S. Computer Emergency Readiness Team (US-CERT), as well as the Federal Bureau of Investigation, are looking into how the attack will impact employees, OPM said. The agency will send notifications to those affected and will also offer credit monitoring services and identity theft insurance.
Evidence from the attack currently shows a connection to the Premera and Anthem incidents, both of which were thought to be efforts by Chinese hackers to obtain health records, Bloomberg Business reported.
The attack on Premera initially occurred May 5, 2014, but was not detected by the Washington-based insurer until Jan. 29 of this year. Affected data included members' contact information, as well as Social Security numbers, member identification numbers, medical claims information and bank account information.
The Anthem attack was the largest on a healthcare company, as close to 80 million were impacted by the incident. Information including names, birthdays, addresses, email addresses, employment information and Social Security/member identification numbers was compromised.
The stolen data may be an effort by the Chinese to subject Americans to bribery, blackmail or other forms of espionage, according to the Bloomberg article.
However, the White House has not made any conclusions yet as to who was behind the attack, White House Press Secretary Josh Earnest said last week, according to the article. "We're dealing with a persistent adversary," Earnest said. "In some cases, the less they know about what we know, the better."
The OPM attack is one of the largest breaches of government personnel data to date, according to Bloomberg.
Government leaders are taking steps to try to keep Americans' information secure, even as attacks grow in number and intensity. In May, the Consumer Privacy Protection Act of 2015 was introduced by Senate Judiciary Committee Ranking Member Patrick Leahy. The legislation "calls for a comprehensive approach to data security by requiring companies to take preventative steps to defend against cyberattacks and prevent data breaches, and to quickly notify customers in the event a data breach occurs."
Payers need sophisticated tools to fight off cyberattacks
Premera says data breach may affect 11 million consumers
Anthem hack compromises info for 80 million customers
Data breach costs rise 23 percent since 2013
Senate bill to protect consumer privacy includes health data provisions