Laura Whitaker, Practice Manager, IT Forum
Last week, the insurance giant Anthem announced that a suspected cyberattack had exposed a database housing the identifying information for about 80 million of its customers, former customers, and employees.
The hack is believed to be the largest health care cyberattack in history, and while the investigation is ongoing, early evidence suggests that Chinese state-sponsored hackers may be involved.
Security Breaches Can Happen Anywhere, Anytime
This large, high-profile incident shows that a security breach can happen to any organization. However, that doesn’t mean all breaches are created equal; security experts have homed in on Anthem’s lack of encryption for stored customer data as a key vulnerability. While HIPAA requires encryption when data is shared, data storage has a lower security bar—making it an easier target for attackers.
The incident will likely prompt many health care organizations to re-evaluate their security posture and investments in data security tools. Just remember: an uncoordinated response and naïve end-users can defeat many of the technologies put in place to safeguard information.
One method to promote success? Re-think how your organization responds to data breaches and how you educate end-users about information security standards.
Resources to prepare for a breach
Our IT Breach Preparation and Response Toolkit provides guidance and templates for expediting breach response, reducing associated costs, and minimizing risks while protecting your institution’s reputation. Download the toolkit.
Our recent webconference highlights our research on security awareness and governance, including effective end-user education and methods for overcoming administrative roadblocks to better security awareness. Stream the recording.