The California Department of Insurance conducted an investigation finding a foreign government was likely responsible for Indianapolis-based Anthem's cyber attack that impacted 78.8 million consumers.
Here are five key points:
1. Anthem discovered the breach on Jan. 27, 2015, with the insurance company and its affiliates announcing that the breach to the public in February 2015. Cybercriminals compromised 78.8 million consumer records.
2. Seven insurance commissioners, including California Insurance Commissioner Dave Jones, led the nation investigation into Anthem's 2015 data breach. The California Department of Insurance reports the investigative team found "with a high degree of confidence the identity of the attacker and concluded with a medium degree of confidence that the attacker was acting on behalf of a foreign government."
3. In past attacks, the team noted this specific foreign entity did not transfer personal information to non-state parties.
4. When analyzing the breach, commissioners uncovered hackers accessed Anthem's system on Feb. 18, 2014. On that day, a user within one of Anthem's subsidiaries opened an email which had "malicious content." Opening the email allowed cyber criminals to download malicious files to the user's computer, granting them access to the computer and at least 90 other systems with Anthem.
5. During the investigation, the insurance commissioners centered on Anthem's response adequacy when the breach occurred as well as their post-breach response and corrective actions. The team said Anthem took reasonable measures to protect itself from the breach and their remediation plan allowed the company to respond quickly and effectively following the incident.