America’s second-largest health insurance provider shocked customers this month when it announced that its networks had been breached, exposing information on tens of millions of account holders.
Anthem reported in early February that cybercriminals were able to access personal information – including dates of birth, addresses, Social Security numbers and medical identification numbers – of as many as 80 million customers and employees, making it the largest data breach of its kind. Multiple Anthem brands were affected in the attack, including Anthem Blue Cross and Blue Shield, Amerigroup, Blue Cross and Blue Shield of Georgia, Caremore, Anthem Blue Cross, Unicare, Healthlink and DeCare.
While Anthem CEO Joseph Swedish said that there is no evidence financial information or patient medical data was compromised, he did admit that the hack went so deep that even his personal information was exposed. The insurer is working with the FBI to investigate the source of the attack, but the malicious actor responsible has yet to be identified.
Insurance regulators cracking down on security
On top of the problems of trying to find the person who hacked its system and recover stolen customer information, Anthem now also has to deal with a national investigation being launched by insurance regulators into the company’s security practices. The National Association of Insurance Commissioners, a group representing state regulators, initiated the probe to review the steps that were or were not taken to protect customer information and ensure that all compliance requirements were met.
The investigation will likely include all of the states and U.S. territories in which Anthem has branches but will be led by regulators in the states in which the company has the strongest presence, including Indiana, Maine and California. For the most part, health insurance is regulated at the state level, and regulators are able to impose sanctions, including fines, if they conclude that their state’s requirements were not met.
A spokesperson for Anthem said that the company is welcoming the review and is ready to cooperate fully. Since the breach was discovered, the insurer has “taken quick action to enhance our systems and security processes,” but clearly deeper issues exist if it took an attack of this scale to spur an infrastructure improvement.
Insurance companies are under more scrutiny than ever as cyberattacks become increasingly sophisticated and frequent. One of the most reliable ways insurers can improve the protection of customer data is to employ a layered security strategy. Using multiple forms of defense at once is especially beneficial for organizations that store massive amounts of data, as it will protect files from all possible entry points. Solutions like Faronics Anti-Virus offer traditional firewall protection, as well as Anti-Spyware, Anti-Rootkit, Anti-Virus and Web filtering. How long will your organization wait before protecting its most important assets?