The Impact of the Medical Data Breach"-The Anthem Case and National Security, 2015

The Impact of the Medical Data Breach"-The Anthem Case and National Security, 2015

In February 2015, Anthem Inc., a major U.S. health insurance company, suffered an unprecedented cyber attack that resulted in the leak of personal information of approximately 78 million people. The leaked data included names, birth dates, Social Security numbers, addresses, employment information, income, and other extremely sensitive data, and although the medical records themselves were reportedly not included, the national security risk was enormous.

An investigation at the time concluded that the attack was an Advanced Persistent Threat (APT) by a group of Chinese hackers. The FBI and the U.S. Department of Justice were also involved, and the possibility of Chinese government involvement was strongly suspected. This was more than just a corporate crime; it was part of a struggle for cyber supremacy between the U.S. and China.

The mid-2010s was a time when the U.S. began to clearly recognize that cyberspace was also a battlefield for national security, and cyberattacks had become a geopolitical weapon, with the Snowden affair in 2013 exposing the structure of the surveillance society and Sony Pictures being attacked by a group believed to be North Korean in 2014. In the midst of this trend, the Anthem incident marked a new phase in which "medical insurance information," data that is fundamental to our lives, was targeted.

The national security concerns were twofold. First, tens of millions of personal data, including that of military personnel and government employees, could fall into the hands of foreign powers and be misused for espionage, recruitment, and blackmail. Second, the vast amount of medical-related data could be used as a strategic intelligence resource, as AI analysis would provide material for understanding disease risk and demographics by region.

In 2015, the Cyber Threat Intelligence Sharing Act (CISA) was enacted to establish a framework for sharing threat intelligence between the private sector and the government. A framework for sharing threat intelligence between the private sector and the government was put in place.

The Anthem incident was a symbolic event that ushered in an era in which cyberattacks are linked to competition among nations and threaten individual lives and national security simultaneously. It gave the definitive impression of a "cyber cold war" between the U.S. and China, and cast a deep shadow over subsequent international relations.