DOJ charges Chinese man over 'one of the worst data breaches in history' which took 79 million people's personal data from Anthem health insurers

Wang wnated anhtem hackThe FBI wanted poster for Fujie Wang and an unnamed man, both charged with hacking the US heath care company AnthemDepartment of Justice Federal Bureau of Investigation

  • A Chinese man has been charged with orchestrating the largest healthcare data hack in US history, which hit 79 million Anthem customers.
  • Wang Fujie, 32, was charged with conspiracy to commit fraud and wire fraud, and two counts of intentional damage to a protected computer.
  • Prosecutors say Wang stole social security numbers, phone numbers, and emails belonging to customers of US healthcare giant Anthem between February 2014 and January 2015.
  • Wang, and an unnamed Chinese man, are also charged with hacking three other US companies, which were not named in the indictment.
  • In October 2018, Anthem, the second-largest US health insurance provider, paid the US government $16 million over the breach.
  • Visit Business Insider's homepage for more stories.

A Chinese national has been charged with orchestrating the biggest data hack in US healthcare history, in which 79 million people had their personal information stolen.

Wang Fujie, 32, was charged with hacking US health insurance giant Anthem, and three other unnamed US businesses, between February 2014 and January 2015, a Department of Justice press (DOJ) release said Thursday.

In the four-count indictment cited by the DOJ, Wang, who also goes by Dennis Wang, is said to have "used sophisticated techniques to hack into the computer networks of the victim businesses without authorization."

He was charged alongside another man, referred to in the indictment as John Doe.

The men are then accused of installing malware and seeking out the personal information of 79 million Anthem customers, as well as their "confidential business information."

the Anthem logo at the company's corporate headquarters in IndianapolisThe Anthem logo at the company's corporate headquarters in Indianapolis.AP

They were detected in January 2015, the indictment said.

Read more: Healthcare CEOs make millions every year. Here's what the industry's top executives earned in 2018.

The stolen data included names, health identification numbers, dates of birth, social security numbers, addresses, telephone numbers, email addresses, employment information, and income data, the indictment said.

Anthem paid the US government $16 million as a result of the privacy violation in October 2018.

One of the techniques Wang is said to have used was a "spearfishing" email, a targeted message designed to trick the recipient into treating it as legitimate.

Emails with hyperlinks were sent to employees of the four companies, the DOJ said. If they clicked on the link it installed malware which opened a back door to the company's computer server, the indictment said.

Wang and the other man were both charged with one count of conspiracy to commit fraud, one count of conspiracy to commit wire fraud, and two substantive counts of intentional damage to a protected computer.

Read more: 4 healthcare costs in retirement no one warns you about

In a statement, DOJ assistant attorney general Brian Benczkowski said: "The allegations in the indictment unsealed today outline the activities of a brazen China-based computer hacking group that committed one of the worst data breaches in history."

"These defendants allegedly attacked US businesses operating in four distinct industry sectors, and violated the privacy of over 78 million people by stealing their PII (personally identifiable information)."

In February 2015, Bloomberg reported that the FBI believes the hack was sponsored by the Chinese government.

An Anthem spokeswoman told Business Insider in an emailed statement:

"We are grateful for the support and partnership of the FBI and extended law enforcement team in investigating the sophisticated cyber-attack that Anthem was a victim of in February 2015, and are pleased with the action taken today."

"There is no evidence that information obtained through the 2015 cyber-attack targeting Anthem has resulted in fraud."

{{}}
Add Comment()
Comments ()
X
Sort By:
Be the first one to comment.
We have sent you a verification email. This comment will be published once verification is done.