The attack appears to follow a pattern of thefts of medical data by foreigners seeking a pathway into the personal lives and computers of a select group — defense contractors, government workers and others, according to a U.S. government official familiar with a more than year-long investigation into the evidence of a broader campaign.
The latest theft continues a string of major breaches of companies including Target Corp., Home Depot Inc. and JPMorgan Chase & Co. that have touched the private data of hundreds of millions of Americans and increased pressure on the U.S. government to respond more forcefully. Though President Barack Obama promised action against North Korea after the destruction of property at Sony Pictures Entertainment, corporations and the government have struggled to come up with appropriate responses to attacks that fall into a gray area between espionage and crime.
Hackers could use stolen information — which Anthem said in its case included birthdates and e-mail addresses — to conduct “phishing” attacks on customers who unwittingly provide access to their companies’ networks. Government officials have been investigating whether foreign interests are using personal, financial or medical information as leverage to gain intelligence from people who want their information to stay private, according to the U.S. official.