2 Chinese men indicted for hacking Anthem, 3 other companies
INDIANAPOLIS (AP) — A federal grand jury has indicted two Chinese men for hacking into the computers of health insurer Anthem Inc. and three other, unnamed companies, the Justice Department said Thursday.
The indictment alleges Fujie Wang, 32, and a man identified only as John Doe stole the personal information of nearly 79 million people — including names, birthdates, Social Security numbers and medical IDs — from Anthem in 2015 in the biggest known health care hack in U.S. history. Indianapolis-based Anthem, the nation's second-largest health insurer, agreed last October to pay the government a record $16 million to settle potential privacy violations.
An FBI wanted poster says Wang resides in Shenzhen, China.
Wang and Doe are charged with one count of conspiracy to commit fraud and related activity in relation to computers and identity theft, one count of conspiracy to commit wire fraud, and two substantive counts of intentional damage to a protected computer.
A Justice Department spokeswoman had no comment when asked how confident it is that Wang will be brought to the U.S. for prosecution. The U.S. does not have an extradition treaty with China.
The indictment alleges that beginning in February 2014, Wang, Doe and other members of a China-based computer hacking group installed malware and tools on the compromised computer systems to further compromise the computer networks of Anthem and the other three businesses, collected files and other information from the compromised computers, and then stole this data.
In a 2015 report, the cybersecurity firm Symantec said the Anthem hack was believed to be the work of a well-resourced Chinese espionage group it called Black Vine that it said had been actively conducting cyberespionage for three years targeting industries including aerospace, energy and health care.
Anthem issued a statement saying it was "pleased" with the indictment and that "there is no evidence that information obtained through the 2015 cyber-attack targeting Anthem has resulted in fraud."
The Blue Cross-Blue Shield insurer reached the $16 million settlement with the Department of Health and Human Services. HHS said its investigation found that Anthem had failed to deploy adequate measures for countering hackers.
Associated Press writer Frank Bajak in Boston contributed to this report.