OPM and Anthem Breaches

Brian Klenke

There has been much reporting that the data breaches at Anthem, and more recently the U.S. Office of Personnel Management (OPM), are attributable to China. If this is the case, the public is potentially getting a view into how government intelligence agencies get things done. In recent weeks, several people have asked me why the personal data stolen during the Anthem breach does not seem to have made its way to the black market of identities for sale. Reporting on the OPM breach has floated the notion that China is using that data to build dossiers on Americans for the purpose of “recruitment and influence.”  Some articles are quick to speculate that China is looking find out which OPM employees with security clearance information access have vices and bad habits. 

If China is behind the breaches at both Anthem and OPM, I will venture to say that the pool of people they can identify as vulnerable for recruitment is much larger than the few folks with gambling problems or who lead alternative lifestyles. Intelligence lingo uses terms like recruitment of sources or assets. When reporting uses phrases like “Target Americans…for recruitment and influence,” in plain English it means China will be using this data to figure out which Americans can be converted as spies useful to China’s objectives. The OPM data combined with the Anthem data gives an intelligence agency far more options to convince someone to work for them than just blackmail. 

For example, from the OPM data, you’d likely be able to determine an employee’s position and their security clearance. This would give a foreign intelligence service a pretty good idea of what kinds of information that employee has access to, programs, processes, or policies that employee may have influence over, etc. Cross-reference that against healthcare data from Anthem, and you’d likely be able to identify potential medical issues the employee or, possibly more importantly, their dependents may have. 

A Federal employee may not need to have embarrassing skeletons in their closet to be at risk to providing information or access to a foreign intelligence service. They may simply have a very sick daughter, and be struggling to get access to treatments or make payments on medical bills. This would make them vulnerable to offers of money, access to organ donors, etc. Love of country is one thing, but someone offering the money or resources that can save your child or spouse from a horrible medical condition in exchange for a little bit of information about something going on at work may be very hard for some people faced with that challenge to refuse. 

This type of influence is nothing new to intelligence services worldwide. Their tools extend far beyond just blackmail. They have the tools, money, and resources to influence people in lots of ways, whether it’s the promise of reward or the threat of punishment. 

So if China was indeed behind the Anthem breach, we need to now welcome the entire healthcare community into the world of international intelligence and espionage. And if China was indeed behind the OPM breach as well, we need to be worried about far more than a few people who might be embarrassed by the information in their security clearance documentation.