The disclosure by U.S. officials that Chinese hackers stole records of as many as 4 million government workers is now being linked to the thefts of personal information from health-care companies.

Forensic evidence indicates that the group of hackers responsible for the U.S. government breach announced Thursday likely carried out attacks on health-insurance providers Anthem Inc. and Premera Blue Cross that were reported earlier this year, said John Hultquist of iSight Partners Inc., a cyber-intelligence company that works with federal investigators.

The thefts are believed to be part of a larger effort by Chinese hackers to get health-care records and other personal information on millions of U.S. government employees and contractors from various sources, including insurers, government agencies and federal contractors, said an American intelligence official, speaking on condition of anonymity.

The data could be used to target individuals with access to sensitive information who have financial, marital or other problems and might be subject to bribery, blackmail, entrapment and other traditional espionage tools, the official said.

"It is not only the scale that is of interest — 4 million employees — or even that the reason could be to use the information to recruit spies in America, but that people are now part of China-critical nodes in their cyber strategy," said Rosita Dellios, an associate professor of international relations at Bond University on Australia's Gold Coast.

"Usually in cyber strategy, it is critical infrastructure like energy grids, transportation, and satellites that are mentioned. Here we have a whole class of people crucial to U.S. security being targeted," she said.

Previous Attack

The hackers, believed to have links to the Chinese government, got into the U.S. Office of Personnel Management computer system late last year, according to one U.S. official, who asked for anonymity to discuss the investigation. The intrusion was detected in April and it took U.S. investigators a month to conclude that the files had been compromised. It was one of the largest breaches of government personnel data.

Indianapolis-based Anthem, which runs Blue Cross and Blue Shield health plans, said in February that hackers stole information on about 80 million customers, exposing Social Security numbers and other sensitive information. In March, Premera Blue Cross, a Spokane, Washington-based company that operates in the northwestern U.S., said information on 11 million people may have been exposed.

'Hypothetical Accusations'

A spokesman for the Chinese Embassy in Washington, Zhu Haiquan, said his country's laws prohibit cybercrimes and China works to combat violations.

"Cyber-attacks conducted across countries are hard to track and therefore the source of attacks is difficult to identify," he said in an e-mailed statement. "Jumping to conclusions and making hypothetical accusation is not responsible and counterproductive."

The revelations could complicate the agenda for Chinese President Xi Jinping's first state visit to the U.S. in September. Ties between the two countries already are strained over American demands that China stop its island-building program in the South China Sea.

Security Clearances

In the government hack disclosed Thursday, the thieves accessed information on individuals who applied for or were granted security clearances, among other things, according to a person familiar with the investigation who asked for anonymity. Such data often includes detailed interviews with friends and family members as well as information that could disqualify a candidate from receiving a clearance.

The personnel management office provides information on job candidates for agencies across the federal government, including whether those individuals are suitable for employment, according to the OPM website.

The Federal Bureau of Investigation and the Department of Homeland Security are investigating, according to a statement from OPM.

The hackers who breached the government and health company computers used unique techniques that amount to a digital fingerprint of sorts, allowing iSight researchers to link the three with "high confidence," said Hultquist, head of cyber-espionage threat intelligence at the Dallas-based company. Hultquist declined to say whether his company is working on the investigations of the U.S. data breach or the health-care company hacks.

Intelligence Agency

If that link holds up, it would tie some of the largest hacks of the last year to a single group of state-sponsored cyberspies.

Two people familiar with the investigation said the hackers are a unit linked to China's civilian intelligence agency, the Ministry of State Security.

"These aren't criminals and we don't expect this stuff to show up on the black market," Hultquist said. "We're still struggling to understand why this sort of data is being targeted."

The U.S. government plans to notify those who were potentially affected by the breach, and is offering free credit report access, credit monitoring and identity-theft insurance to those whose personal information was compromised.

The OPM said investigators may find that additional personnel files were compromised as they review the breach.

"We take very seriously our responsibility to secure the information stored in our systems," OPM Director Katherine Archuleta said in the statement.

Russian Hackers

Donna Seymour, OPM's chief information officer, said the information stolen was typical for a personnel file, including Social Security number, date and place of birth and benefit selections. Bank accounts and health information weren't included and there's no indication any specific category of workers was targeted, she said.

U.S. Defense Secretary Ashton Carter said in April that Russian hackers had breached an unclassified Pentagon computer network. A "crack team of incident responders" began hunting the Russians within hours, he said in a speech at Stanford University that warned of the danger of cyber-attacks to the U.S. government.

Hackers are believed to have broken into an unclassified White House computer network last year at the behest of the Russian government. Some U.S. officials said the same hackers earlier breached State Department computers.

The White House hack may have been in retaliation for sanctions the U.S. imposed on Russia after its annexation of Crimea in March 2014, a person familiar with the incident said.

The Russian and Chinese governments have regularly dismissed allegations that they employ hackers to target U.S. computer systems.

© 2024 ALM Global, LLC, All Rights Reserved.