Friday, June 5, 2015

China's Hack of Millions Tied to Healthcare Record Thefts




The disclosure by U.S. officials that Chinese hackers stole records of as many as 4 million government workers is now being linked to the thefts of personal information from healthcare companies.
Forensic evidence indicates that the group of hackers responsible for the U.S. government breach announced Thursday likely carried out attacks on health-insurance providers Anthem Inc. and Premera Blue Cross that were reported earlier this year, said John Hultquist of iSight Partners Inc., a cyber intelligence company that works with federal investigators.
The thefts are believed to be part of a larger effort by Chinese hackers to get health-care records and other personal information on millions of U.S. government employees and contractors from various sources, including insurers, government agencies and federal contractors, said an American intelligence official, speaking on condition of anonymity.

The data could be used to target individuals with access to sensitive information who have financial, marital or other problems and might be subject to bribery, blackmail, entrapment and other traditional espionage tools, the official said.
“It is not only the scale that is of interest -- 4 million employees -- or even that the reason could be to use the information to recruit spies in America, but that people are now part of China-critical nodes in their cyber strategy,” said Rosita Dellios, an associate professor of international relations at Bond University on Australia’s Gold Coast.
“Usually in cyber strategy, it is critical infrastructure like energy grids, transportation, and satellites that are mentioned. Here we have a whole class of people crucial to U.S. security being targeted,” she said.

Meanwhile, Beijing on Friday labeled as "irresponsible" reports that Chinese hackers were behind the massive cyberattack on personal data of millions.

"Cyberattacks are generally anonymous and conducted across borders and their origins are hard to trace," foreign ministry spokesman Hong Lei said at a regular briefing. "Not to carry out a deep investigation and keep using words such as 'possible' is irresponsible and unscientific," he added.
The Washington Post and other US media cited government officials as saying that Chinese hackers were behind the breach.
"We have seen a lot of media reports and opinions like this recently," Hong said.
The Chinese embassy in Washington countered that such attacks would not be allowed under Chinese law.
"Chinese laws prohibit cyber crimes of all forms. China has made great efforts to combat cyberattacks in accordance with Chinese laws and regulations," embassy spokesman Zhu Haiquan said.
Previous Attack
The hackers got into the U.S. Office of Personnel Management computer system late last year, according to one U.S. official, who asked for anonymity to discuss the investigation. The intrusion was detected in April and it took U.S. investigators a month to conclude that the files had been compromised. It was one of the largest breaches of government personnel data.
Indianapolis-based Anthem, which runs Blue Cross and Blue Shield health plans, said in February that hackers stole information on about 80 million customers, exposing Social Security numbers and other sensitive information. In March, Premera Blue Cross, a Spokane, Washington-based company that operates in the northwestern U.S., said information on 11 million people may have been exposed.            
The revelations could complicate the agenda for Chinese President Xi Jinping’s first state visit to the U.S. in September. Ties between the two countries already are strained over American demands that China stop its island-building program in the South China Sea.
Security Clearances
In the government hack disclosed Thursday, the thieves accessed information on individuals who applied for or were granted security clearances, among other things, according to a person familiar with the investigation who asked for anonymity. Such data often includes detailed interviews with friends and family members as well as information that could disqualify a candidate from receiving a clearance.
The personnel management office provides information on job candidates for agencies across the federal government, including whether those individuals are suitable for employment, according to the OPM website.
The Federal Bureau of Investigation and the Department of Homeland Security are investigating, according to a statement from OPM.
The hackers who breached the government and health company computers used unique techniques that amount to a digital fingerprint of sorts, allowing iSight researchers to link the three with “high confidence,” said Hultquist, head of cyber espionage threat intelligence at the Dallas-based company. Hultquist declined to say whether his company is working on the investigations of the U.S. data breach or the health-care company hacks.
Intelligence Agency
If that link holds up, it would tie some of the largest hacks of the last year to a single group of state-sponsored cyber spies.
Two people familiar with the investigation said the hackers are a unit linked to China’s civilian intelligence agency, the Ministry of State Security.
“These aren’t criminals and we don’t expect this stuff to show up on the black market,” Hultquist said. “We’re still struggling to understand why this sort of data is being targeted.”
The U.S. government plans to notify those who were potentially affected by the breach, and is offering free credit report access, credit monitoring and identity-theft insurance to those whose personal information was compromised.
The OPM said investigators may find that additional personnel files were compromised as they review the breach.
“We take very seriously our responsibility to secure the information stored in our systems,” OPM Director Katherine Archuleta said in the statement.
Russian Hackers
Donna Seymour, OPM’s chief information officer, said the information stolen was typical for a personnel file, including Social Security number, date and place of birth and benefit selections. Bank accounts and health information weren’t included and there’s no indication any specific category of workers was targeted, she said.
U.S. Defense Secretary Ashton Carter said in April that Russian hackers had breached an unclassified Pentagon computer network. A “crack team of incident responders” began hunting the Russians within hours, he said in a speech at Stanford University that warned of the danger of cyberattacks to the U.S. government.
Hackers are believed to have broken into an unclassified White House computer network last year at the behest of the Russian government. Some U.S. officials said the same hackers earlier breached State Department computers.
The White House hack may have been in retaliation for sanctions the U.S. imposed on Russia after its annexation of Crimea in March 2014, a person familiar with the incident said.
The Russian and Chinese governments have regularly dismissed allegations that they employ hackers to target U.S. computer systems.
 


 


