Anthem Health Insurance Breach

Anthem Inc., the second-largest health insurer in the US, has suffered a breach which has compromised the personal information of roughly 80 million customers and employees. Mark James talks about the value in personal data and the future of corporate security.

It is as yet unclear how the hackers were able to gain access to the database, but Anthem describes it as a “very sophisticated attack”. According to Anthem, medical records and financial details were never in danger, but the company admits that names, dates of birth, social security numbers, home addresses, email addresses and employment data were all at risk.

 

“Personal data is just as valuable…”

 

“All data has a value, obviously CC data can be used directly in fraud cases but personal data is just as valuable,” Mark explains.

“Targeted phishing attacks can be used with very viable personal information included to make the end user more trusting and hand over valuable details including web site credentials and credit card data.”

Some forms of phishing have as high as a 45% success rate according to research released by Google.

“Most people will recognise spam emails but once you include your full name and DOB along with some other real life true info, that spam email is now looking like a legit email from a reputable source, often talking about a subject most people find unbelievable that someone else would exploit.”

 

Post breach and beyond

 

Similarly to Kmart, who were breached late last year, Anthem are offering customers free credit and identity-theft monitoring services. I asked Mark if he likes the idea.

“Absolutely, if your data has been compromised it should come as a given that you have protection for, I think, a lot longer than 1 year after the event: it should be backdated to the original date of compromise and run at least 3, if not 5, years.”

Sadly it seems that problems with Internet security only get fixed once they have gone wrong and Mark agrees.

“Sadly yes, it needs to make the news and be of a large enough amount worthy to be commented on, security has to improve.

“Companies, however large or small, must be held accountable through large fines and legislation to be forced into doing something, not AFTER but before the breach.

“Security is often sold to the lowest bidder or outsourced completely and is often not treated as important as it should be.”

UPDATE: Just as I was about to make this blog live SCMagazine has warned of a spate of phishing email already circulating. Some are even trying to take advantage of the free credit monitoring offered by Anthem post-hack: possibly one of the lowest tactics I’ve heard of recently.

Have you been affected by one of the recent breaches?