On January 29th, 2015, a data breach occurred that affected millions of Americans. This Anthem security breach is considered to be the largest of its kind and has put many Americans on alert to the potential risks of having their personal information shared. Let’s take a look at why the hackers targeted Anthem, what data was compromised, and what companies can do to protect healthcare security in the future.
Cyber Crooks Have Many Reasons to Target Healthcare Companies
Healthcare providers and insurers are an obvious target for hackers for a number of reasons. First of all, these companies don’t limit themselves to basic PII (personally identifiable information) about their clients, as a bank or phone company would. Instead, they collect, collate, and keep some of the most personal data possible about every client.
Healthcare providers collect this data to provide the best possible care to their patients, and healthcare insurers collect it to assess how much a person is likely to cost them if they become a customer. Anyone who has applied for health insurance has likely wondered at the deeply personal nature of some of the application questions. They can cover lifestyle, hobbies, and very detailed questions about past treatments and operations.
The Usefulness of this Personal Information
Hackers use this sort of deeply personal information in a number of ways. With so much data at their fingertips, they can easily find out more about you on various social media sites. For example, they may learn from Facebook or LinkedIn what your employment history is and which cities you’ve lived in. They can then use this for social engineering.
Social engineering, in a nutshell, is simulating a trusted relationship with a company or an individual to get access to funds, services, products, passwords, and a lot more. When attackers have this level of information on you, they can easily create new bank accounts, open up credit cards, and even take out mortgages. There is no end to the ways this information can be used for social engineering purposes.
The Extent of the Data Breach Is Unknown
While there’s a lot we do know about the Anthem security breach, there’s also plenty we don’t know. Initially, Anthem tried to quash concerns by announcing that the PII found and stolen from its databases did not include medical data or payment information. The company claimed it had no reason to believe that credit card info or banking specifics were compromised, and that test results, diagnostic codes, and other medical information were not obtained.
The company continues to stick to these claims. However, experts agree that there’s no way to be 100% certain that the hackers didn’t get deeper or further than Anthem knows. The best recommendation is for those affected to assume that all of their data was collected.
What We Do Know About the Data Breach
While we don’t know exactly how far the data breach went, we do know that the hackers got information on members that includes their names, birth dates, member IDs, Social Security numbers, employment information, email addresses, home addresses, and phone numbers. Anyone who’s filled out a credit card application knows that this level of information can get them pretty far.
Millions of People Were Affected
The original report stated that about 80 million records were compromised. As time went on, that number dropped to 78,800,000. That may not seem like much of a difference, but it means about 1.2 million people who were initially considered affected were actually not.
Keep in mind that consumers with accounts with companies other than Anthem were also affected. Blue Cross Blue Shield was highly affected, and not all of the plans compromised were owned and operated by Anthem. Thanks to reciprocal agreements with other providers, Anthem has records on the customers of numerous companies.
The Importance of Good Security Practices
If nothing else, this healthcare security breach shows consumers and companies how crucial good security practices are. Anthem has published some decent advice on how to deal with the risk of identity theft. One of the notable facts about their treatment of this breach is that they’re committed to only contacting consumers via snail mail. As a result, anyone who gets a call or email about the breach should assume that it’s fraudulent.
It’s essential that any company that collects personal information about consumers has strong security in place, but this is even more important in the healthcare field. HIPAA is clear on this point and requires companies to take many steps to ensure the privacy of the information they hold.
The security measures included in eFileCabinet take into consideration all 3 HIPAA compliance categories: administrative safeguards that deal with the policies and procedures of the organization using them, physical safeguards that deal with the actual, physical security systems and data, and technical safeguards that deal with electronic security.