2 men based in China indicted on hacking charges in massive Anthem data breach

Two people alleged to be part of an "extremely sophisticated hacking group" based in China were indicted in Indianapolis after a data breach that affected nearly 80 million customers of Anthem Inc., one of the nation's largest health insurance companies, federal authorities said.

The indictment unsealed Thursday charges Fujie Wang, 32, a Chinese national, and another person identified as "John Doe" with targeting the Indianapolis-based health insurer and committing "one of the worst data breaches in history," according to a news release from the Department of Justice.

A federal grand jury returned an indictment in the U.S. Southern District of Indiana, the release said.

Beginning in February 2014, Wang and Doe allegedly gained entry into the computer systems of Anthem and three other U.S. businesses without permission, authorities said.

The other businesses are identified in court documents only as "Victim Business." The indictment says the businesses are in the technology, basic materials and communication services sectors, respectively.

How the data was stolen

The defendants are accused of installing malware and tools on the compromised computer systems and identifying "data of interest" on the computers, which included personal information, according to the indictment.

They allegedly stole data from approximately 78.8 million people from Anthem's computer network, including names, health identification numbers, dates of birth, Social Security numbers, addresses, telephone numbers, email addresses, employment information and income data, the indictment states.

In January 2015, the defendants accessed Anthem's computer network, transferring files containing personal information from Anthem's systems in the U.S. to destinations in China, authorities said.

The company first detected the data breach on Jan. 27, 2015, the company said at the time. It announced the cyberattack about a week later. No actual medical information appeared to have been stolen, nor was any credit card information obtained, USA Today reported.

Due to incident response measures by Anthem, the indictment says, the defendants' access to Anthem's network was terminated on Jan. 31, 2015.

But the sensitive information that was acquired left millions vulnerable. The breach spawned multiple lawsuits alleging that Anthem did not take adequate and reasonable measures to ensure its data systems were protected and that the Anthem customers whose information may have been affected could be harmed.

Anthem: 'No evidence' stolen data led to fraud

In a statement to IndyStar on Thursday, Anthem said there is "no evidence" that information obtained through the 2015 cyber-attack targeting Anthem has resulted in fraud.

"Anthem takes the security of its data and the personal information of consumers very seriously. We are committed to safeguarding Protected Health Information (PHI) and Personally Identifiable Information (PII), and adapting to the changing health care information security environment and will continue to collaborate with state and federal regulators and partners in this critical work," the statement said.

Experts told IndyStar in 2015 that the type of information that the hackers accessed could create problems for those affected for years to come.

It's unclear in the indictment exactly how the defendants were identified as suspects. In the news release, officials credited the companies' quick response to the attack.

"Because the victim companies promptly notified the FBI of malicious cyber activity, we were able to successfully investigate and identify the perpetrators of this large-scale, highly sophisticated scheme," said Matt Gorham, the assistant director of the FBI's cyber division.

Wang and Doe face charges of conspiracy to commit fraud and related activity in relation to computers and identity theft, conspiracy to commit wire fraud and intentional damage to a protected computer.

Contact IndyStar reporter Crystal Hill at 317-444-6094 or cnhill@gannett.com. Follow her on Twitter: @crysnhill.