OPM Hack Affecting Up to 4M Could Be Linked to Insurer Cyberattacks
June 5, 2015 in News
On Thursday, the Office of Personnel Management disclosed a cyber incident that could affect up to four million current and former federal employees, and forensic evidence suggests the incident could be connected to recent attacks on U.S. health insurers, Bloomberg Business reports (Riley/Walcott, Bloomberg Business, 6/5).
Details of OPM Data Breach
The breach was discovered in April, though the incident itself could stretch back to late last year, according to OPM officials. It took about one month to determine which files had been compromised (Sanger/Hirschfeld Davis, New York Times, 6/4). OPM officials were unable to say whether any data were taken, only that hackers had gained access (Nakashima, Washington Post, 6/4).
Specifically, OPM CIO Donna Seymour said that the hackers were able to access information that would commonly be included in a personnel file, such as:
- Benefit elections;
- Birth dates;
- Birthplace; and
- Social Security numbers.
Seymour said that the accessed files did not contain:
- Bank account information; or
- Health care information.
An individual familiar with the investigation, who asked to remain anonymous, said the hackers also were able to access information on individuals who have received or applied for security clearances. Such information typically includes detailed information that could disqualify a person from obtaining the clearance.
Seymour said no specific category of employee was targeted (Bloomberg Business, 6/5). OPM will notify affected individuals from June 8 to June 19 (Shoop, Government Executive, 6/4).
Those individuals will be able to request up to 18 months of no-cost credit monitoring (New York Times, 6/4).
Potential Connection to Insurer Incidents
Forensic evidence suggests that the hackers who gained access to OPM’s files are the same as those involved in attacks disclosed by Anthem and Premera Blue Cross earlier this year, according to John Hultquist, of iSight Partners, which works with federal investigators on cyber intelligence (Bloomberg Business, 6/4).
In March, Premera Blue Cross, a health insurer based in Washington state, announced a massive cyberattack that occurred in May 2014 and might have exposed the personal information of more than 11 million individuals (iHealthBeat, 3/31). In February, Anthem announced an attack that could affect about 80 million individuals (iHealthBeat, 2/25).
The incidents are thought to be part of an effort by Chinese hackers to obtain health care and other personal information on government employees and contractors from several sources, such as insurers, agencies and contractors, according to a U.S. intelligence official. Such information could be used for blackmail, bribery, entrapment or other traditional espionage tools (Bloomberg Business, 6/4).
Nonetheless, it remains unclear whether the attack is connected to espionage or commercial gain. The Obama administration has not publicly identified the hackers (New York Times, 6/4).
Zhu Haiquan, a spokesperson for the Chinese embassy in the U.S., said, “Cyberattacks conducted across countries are hard to track and therefore the source of attacks is difficult to identify.” He added, “Jumping to conclusions and making hypothetical accusation is not responsible and counterproductive” (Bloomberg Business, 6/4).
Sen. Seeks Cybersecurity Measures
In response to the disclosure, Sen. Angus King (I-Maine) issued a release urging Congress to pass cybersecurity legislation.
King has advocated for Congress to pass the Cybersecurity Information Sharing Act (SB 754, HR 212). King has said Maine businesses in different sectors, including health care, have voiced “serious concern about cybersecurity or had even experienced some type of cyber intrusion” (King release, 6/4).