In late January 2014, a system administrator at Anthem, at the time one of the world’s largest health insurance providers, made a troubling discovery. The previous night, someone had used their account to execute several queries intended to collect sensitive customer data from Anthem servers.¹ In doing so, the attacker had stolen personally identifiable information (PII) associated with nearly 80 million Anthem patients.

In 2015, cybersecurity vendors Trend Micro and Symantec identified the attacker: dubbed Black Vine, they were believed to originate from a country in southeast Asia.² Moreover, the vendors’ research indicated ...