NEW YORK, (Reuters) – Several U.S. states are investigating a massive cyberattack on No. 2 U.S. health insurer Anthem Inc that a person familiar with the matter said is being examined for possible ties to China.
Anthem disclosed the attack late Wednesday, saying unknown hackers had penetrated a database with some 80 million records. The insurer said it suspected they had stolen information belonging to tens of millions of current and former customers as well as employees.
Attorneys general of Connecticut, Illinois, Massachusetts, Arkansas and North Carolina are looking into the breach, according to representatives of their offices and internal documents. California’s Department of Insurance said it will review Anthem’s response to the data attack.
Connecticut Attorney General George Jepsen asked Anthem Chief Executive Joseph Swedish to provide by March 4 detailed information about the cyberattack, the company’s security practices and privacy policies, according to a letter obtained by Reuters on Thursday.
“We hope and expect to work in close coordination with other attorneys general,” said Jaclyn Falkowski, a spokeswoman for Jepsen.
A source familiar with the probe told Reuters that a possible connection to China was being investigated, and the Wall Street Journal reported that people close to the investigation say some tools and techniques used against Anthem were similar to ones used in previous attacks linked to China.
Late on Wednesday, the FBI said it was looking into the matter but did not discuss suspects.
