Premera Blue Cross hacker victims claim insurer trashed server to hide data-slurp clues

Health-insurance biz Premera Blue Cross has been accused of deliberately knackering one of its computers to cover up details of a cyber-break-in. The organization denies any wrongdoing. The allegation was leveled last week against Premera, and is the latest twist in a long-running class-action lawsuit filed by the insurer's …

  1. Mark 85

    Crap rolling downhill it will be.

    So the end result will be some poor guy/gal in IT will take a hit (possibly a big one) for being the one person who acted alone and decided to destroy the computer. Maybe his boss but unlikely the blame will go any higher.

  2. Anonymous Coward

    Am I missing something?

    I know it's late and perhaps I misunderstood some things in this article but...

    "the insurer drafted in experts from FireEye Mandiant in October that year [2014] to shore up its network. Mandiant's eggheads discovered the well-hidden intrusion months later in January 2015 before subsequently identifying 35 infected computers."

    And this:

    "That 35th computer allegedly contained evidence proving that the hackers used customized malware to download sensitive data. This system was apparently marked as an “end-of-life” asset in 2016 by Premera’s IT team and destroyed."

    Am I understanding correctly that Mandiant knew about an intrusion in January of 2015 and an entire year passed without Mandiant making a forensic image of this so-called "developer" computer but does have forensic images of all the others?

    Isn't this the same Mandiant FireEye that was "protecting" Equifax?

    https://www.theregister.co.uk/2017/09/11/equifax_incident_response_omnishambles/

    I'm seeing a pattern here.

    1. Pascal Monett Silver badge

      Re: Am I missing something?

      I agree with you that something doesn't fit. Mandiant had time to find the malware on the destroyed computer, find that there were archives for exfiltration, find everything it needed to determine the scope of the problem, but did not put the computer under quarantine, did not take it away, nor even put a "Do Not Touch" sign on it?

      What kind of forensic data management is that?

      And how is it that no manager at Premera told the IT peons to leave that thing alone?

      1. chivo243 Silver badge

        Re: Am I missing something?

        @ Pascal Monett

        "And how is it that no manager at Premera told the IT peons to leave that thing alone?"

        He probably did, but some C or D level PHB knew better and had it quietly EOL'd on the sly

        1. Alan Brown Silver badge

          Re: Am I missing something?

          "He probably did, but some C or D level PHB knew better and had it quietly EOL'd on the sly"

          If that really was the case, then Enron springs to mind - the penalties for the original crimes were pretty small. What got people actual prison sentences was deliberate destruction of evidence (and ordering same).

  3. Kevin Johnston

    Job-hopping

    I presume we will discover this is the same 'rogue engineer/technician' responsible for data security at any number of other firms who makes a good living taking the blame for these problems before moving on to the next firm in need of a scapegoat.

    I wonder what the hourly rate is like?

  4. Anonymous Coward

    Staging computer A23567-D

    What class of a computer was it that could be compromised for at least eight months without anyone noticing?

    1. Martin Gregorie

      Re: Staging computer A23567-D

      "What class of a computer was it that could be compromised for at least eight months without anyone noticing?"

      One used by several developers for a variety of tasks? I can well imagine that, in a somewhat chaotic environment, nobody would know exactly what should be on it or what anybody else may have installed.

  5. Anonymous South African Coward Bronze badge

    Recently had a compromised computer on the network. It was replaced with a good, clean PC, and the offending PC now awaits the proper code to initiate its own self-destruction cycle which should wipe out all life on this planet.
