Anthem is one of the largest insurance providers in the United States. Unfortunately in 2015, they had the dubious honor of suffering the largest health data breach in history. It left protected health information of nearly 79 million of their customers exposed.

As a result, the Office for Civil Rights (OCR), a division of the US Department of Health and Human Services, levied the largest fine in the agency’s history against the company. Anthem was fined a staggering sixteen million dollars.

An investigation into the matter revealed that Anthem had not put sufficient safeguards in place to protect patient data. As a result, hackers were able to breach the system via a phishing attack and make off with customer names, addresses, dates of birth, social security numbers, email addresses and employment information.

The Director of OCR, Roger Severino, had this to say:

“The largest health data breach in US history fully merits the largest HIPAA settlement in history.  Unfortunately, Anthem failed to implement appropriate measures for detecting hackers who had gained access to their system to harvest passwords and steal people’s private information.  We know that large health care entities are attractive targets for hackers, which is why they are expected to have strong password policies and to monitor and respond to security incidents in a timely fashion or risk enforcement by OCR.”

Tim Sadler, the CEO of Tessian, added the following:

“During the three years since the Anthem breach took place, spear-phishing attacks have increased significantly in their indistinguishability and effectiveness.  Yet human error has remained inherent, inevitable, and largely ignored as a security vulnerability by organizations.”

He concluded his remarks by pointing out that advanced AI algorithms and machine learning could be employed to help spot the kinds of attacks used to such great effect against Anthem, in order to minimize the risks going forward.

If your business is in any way connected to the healthcare industry, this approach certainly bears further investigation.

Contact us today to get a quote for our Managed Security Services.

 

Used with permission from Article Aggregator

According to this year’s Travelers Risk Index, a majority of business owners have a somewhat fatalistic view of hacking and data breaches.  The index reveals 52% of survey respondents believe a cyber attack is inevitable.

The other statistics in the report paint a grim picture.  Here’s a quick overview:

  • 55% of business owners say that they have not completed a cyber risk assessment
  • 63% say that they have not yet completed a cyber risk assessment on vendors who have access to their data
  • 62% indicate that they have not yet developed any kind of business continuity plan. This means they don’t even have a basic outline of the steps to take when faced with a successful attack
  • The number of cyber attack victims has doubled from 10% in 2015 to 20% in this year’s survey

Yet in spite of this staggering lack of preparation, fully half of all survey respondents say they have cyber insurance.

Tim Francis, the Enterprise Cyber-Lead at Travelers, had this to say about the report:

“Cyber risks carry serious consequences for any business, threatening everything from revenue to operations.  These findings reveal some surprising things about how companies view their cyber exposure, their relative confidence in dealing with them and the clear opportunity that exists for them to be better prepared for a cyber-attack.”

It’s a thorny problem, for sure.  Most small to medium-sized businesses are strapped for cash.  They simply can’t dedicate the level of resources they’d like to toward data security.

The good news is that this most recent survey reveals a few simple, low-cost things you could do starting today that would dramatically improve your chances of dealing with a cyber-attack.

What is your company doing to not only protect against cyber attacks, but remediate them when they inevitably occur?  Do you have a plan in place?  Hiring a managed security service provider will create a seamless and effective way to protect from threats, detect them, and react to them quickly. Ultimately, it will save your business 20 – 50% in IT Services.  Request a quote today.