If we combine the Check Point firewall job posted on the Anthem Inc's website on 1/30/2015, add in the "discovery" on 1/29/2015, and think about Check Point's vulnerability to Heartbleed and Shellshock last year, one might also guess that a VPN stolen-credential compromise (like the major CHS breach last year) or a generic firewall compromise (via shellshock) are in the running as possibilities.