Premera Blue Cross has become the latest insurance provider to come forward about falling victim to hackers after revealing a massive attack on its systems that could affect millions of consumers. The breach reflects a growing threat against the healthcare sector that has intensified considerably in recent quarters.
The industry reached the current alarm level just over a month ago when Anthem Inc. reported the theft of personal information belonging to over 78 million people in the largest and most wide-reaching cyberheist of its kind yet. The close timing between the discovery of the two attacks hints towards a distressing pattern that the latest forensic analysis appears to confirm.
Both breaches involved a sophisticated phishing campaign that targeted insiders with infected links deliberately spelled to appear as legitimate company web addresses. The schemes employed the same malware as well, which researchers from ThreatConnect Inc. tied together weeks before Premera publicized the attack.
The similarities with the techniques and tooling used in the earlier breach of Anthem indicate a common source. No suspects have been named officially, but two unnamed tipsters involved in the investigation revealed to the press that the attack likely originated from China. That’s seemingly supported by the fact that none of the stolen data from either breach has surfaced on the black market as of yet.
The fact that the attackers are in no rush to sell their digital loot indicates a motive other than the commercial interests that drive more conventional attacks against healthcare companies, which one chief security officer explained to SiliconANGLE can make more lucrative targets than even credit providers. One theory is that the breach is part of an effort to gather intelligence on customers of Premera, which works with Microsoft Corp. and other major US companies.
Fortunately for the up to 11 million individuals who may have been compromised in the breach, their data was stored in an encrypted format at the time of the theft. But there are few other positive aspects to the ordeal. For starters, there’s a strong likelihood that sensitive details such as Social Security numbers, addresses, banking information and health data are included in the stolen trove.
Premera has also come under criticism for taking six weeks to notify authorities after first discovering the intrusion, which went undetected for an estimated eight months. The most alarming part is that eight months is about the average for such large-scale incidents, which highlights that there is still a very long way to go until consumers can feel truly confident about sharing their most confidential information.