Seven state insurance commissioners, in a new report on their investigation into the massive cyberattack against health insurer Anthem Inc. in February 2015, offer a detailed account of what happened in the incident, which began with a phishing campaign. They conclude, as had already been widely speculated, that a nation-state was behind the attack, which affected 78.8 million individuals. But they stop short of naming the nation involved.
The commissioners also announced they reached a regulatory settlement agreement with the insurer that did not impose any fines but called on the company to make significant investments in security enhancements. Anthem is spending more than...(continued)