Investigators: Foreign Government Possibly Behind Massive Anthem Hack

SACRAMENTO (CBS / AP) -- A foreign government may have been behind a cyber breach of health insurance company Anthem Inc. that compromised the records of more than 78 million consumers, investigators said Friday. They declined to identify the hackers or the foreign government.

Social Security numbers, birthdates and employment details of customers - all key ingredients of identity theft - were accessed in the breach, officials said.

Anthem, the nation's second-largest health insurer, has agreed to make $260 million in improvements to its information security systems as part of a settlement with insurance regulators in most U.S. states and territories.

The company will also provide credit protection to consumers whose information was compromised.

The insurer is licensed in all 50 states and conducts business under brands including Blue Cross Blue Shield, Unicare, CareMore and Amerigroup.

Investigators from the cybersecurity firm CrowdStrike identified the attackers with "high confidence" and concluded with "medium confidence" that they were working for a foreign government, according to a report released by California Insurance Commissioner Dave Jones.

"Insurers have an obligation to make sure consumers' health and financial information is protected," Jones said in a statement.

A finding of high confidence means the information is verified by multiple sources or a single highly reliable source. Medium confidence means the information is open to multiple interpretations or not reliable enough to warrant higher confidence.

Federal law enforcement officials requested that Jones not identify the foreign government due to an ongoing investigation, said Madison Voss, a spokeswoman for the insurance department.

Previous attacks by that same government have not resulted in personal information being sent to non-governmental entities, CrowdStrike said in its report.

Investigators say intruders cracked Anthem's database in February 2014 with a phishing email and evaded multiple layers of security. The hackers eventually gained remote access to at least 90 systems within the Anthem enterprise.

California insurance commissioners concluded that shortfalls in Anthem's security protocols were typical for a company of its size and declined to issue fines or other punishment. They said the company responded promptly, ejecting the cyber intruders within three days and notifying affected customers.

A lawsuit filed by customers who say they were affected by the breach paints Anthem as a ripe target for hackers. It says the insurer allowed wide employee access to its database and didn't train workers on the handling of phishing emails.

Anthem discovered the cyber breach a year ago and said it included the records of at least 12 million minors.

Anthem spokesman Darrel Ng said the insurer has cooperated with insurance regulators since the breach was discovered.

"Anthem takes the security of its information and the personal information of consumers very seriously and is committed to protecting the data of its customers," Ng said in an emailed statement.

Featured Local Savings

More from CBS News

Southbound I-680 through Pleasanton closed for weekend repaving work

2-alarm fire burns in San Francisco Presidio Heights neighborhood

After leaving Redwood City for Texas, Oracle plans "world headqarters" in Nashville

Bay Area air travelers welcome new refund rules on canceled flights, lost luggage