In May of 2015, CareFirst BlueCross BlueShield announced that it had been hacked almost a year before. The CareFirst data breach affected approximately 1.1 million customers, compromising their personal information, including names, birth dates, email addresses, and subscriber details. While a shocking revelation to many, it’s important to note that the CareFirst security breach was the third major breach to be disclosed by a health insurance company this year.
Healthcare Institutions Increasingly Under Threat
There are many reasons that hackers are attacking healthcare companies with greater frequency. Despite the compliance requirements set out by the Health Insurance Portability and Accountability Act (HIPAA), the health insurance industry has been lagging behind other sectors when it comes to cyber security.
Because the federal government does not set standards for cyber security, it’s up to individual companies to determine how best to protect their data. Executives must weigh the risks and rewards of investing in constantly changing cyber security, and fewer than you would think have taken a proactive approach to the problem.
How Stolen Data Is Used
Though millions of records were compromised in the CareFirst breach, all indications are that what was stolen was not highly sensitive. As far as investigators know, Social Security numbers and financial information were not affected. So how do these hackers, who remain unidentified, plan to use what they gained from this security breach? According to experts, the type of information stolen is perfect for hackers who want to represent themselves as a health insurance provider, in this case CareFirstBCBS, in order to operate a phishing scam.
If you’re a CareFirst customer, do not respond to phone calls or emails purporting to be from your provider. As a result of the CareFirst security breach, the insurance company has said they will only provide notification to their customers via mail.
The Right Approach to a Data Breach
The CareFirst security breach was first discovered and reported on in June 2014 by CareFirst’s end-to-end IT review, a proactive strategy that allowed the company to discover this relatively contained breach and to respond to it appropriately.
According to experts, this is part of the right approach to handling security reviews. One step should be for organizations to ensure their network is secure, to reduce the risk to customers, and to show due diligence to regulators. Healthcare organizations in particular are subject to HIPAA compliance and other regulations, and are likely to see more interest from hackers as time goes on, thanks to the nature of the data they hold.
Improving the Data Security of Healthcare Organizations with eFileCabinet
The CareFirst security breach is one of the most visible at the moment, but experts believe that healthcare giants Anthem and Premera were also attacked with the same methods. In total, these three breaches could affect as many as 90 million Americans.
Healthcare-related companies that wish to improve their data security are likely looking at two main factors: remaining HIPAA compliant and maintaining the confidentiality of their clients. eFileCabinet can help with both concerns by offering a secure system for data storage and encryption, protection from physical destruction, and HIPAA-mandated audit trails.
In order to remain HIPAA compliant, companies must have a data backup plan in place. Experts recommend using cloud-based backup for a number of reasons: backups are automated, entire systems can be backed up regularly, and the physical security of data is increased with off-site data centers.
HIPAA compliance also requires physical safeguards, which create essential barriers between healthcare information and anything (or anyone) that poses a threat. It’s often impractical for smaller healthcare agencies to implement their own physical security, which is one reason they turn to companies like eFileCabinet with proven capabilities in:
- Power conditioning
- Protection against natural disasters
- Personnel access controls
- Fire detection and suppression
- Strong environmental controls
- Redundant connections
- Backup power systems
- Video surveillance
A smart idea for any company at risk of cyberattacks, audit trails are required for HIPAA compliance. Audit trails give companies access to a wealth of information about data access and usage, including who has accessed data, what was accessed, and the specific changes that may have been made. This is essential to the successful investigation of cyberattacks or attempts.
Regardless of the sector a company operates in, a data breach is always a serious issue.