The Anthem Hack

Another large-scale data breach has happened in the healthcare industry. Learn more about it.

Anthem Inc, America’s second largest insurer, announced on 4-Feb-2015 that social security numbers and other personal data including names, addresses, email addresses and income data were stolen by hackers. Payment card details and medical data like claims made and test results do not appear to have been stolen. More than 80 million records were stolen. It appears that this was the result of an Advanced Persistent Threat (APT) type of attack, in which administrator accounts were hacked and custom malware was planted in systems that were then used to further the attack.

There have been reports that the data was not encrypted. But in this case, if what is reported is accurate and the hackers did indeed gain access to administrative accounts, then encryption would not have afforded greater protection. Around 80 million records have been compromised. In fact, according to the hhs.gov website, encryption of data is not mandatory and an organization can implement an “equivalent alternative measure, presuming that the alternative is reasonable and appropriate”.
 
Soon after the Anthem hack, by some reports just hours after the hack was announced, there was a flood of phishing attacks hoping to capitalize on the public concern over the stolen personal data. This phishing campaign was kick-started by a message in the Anthem website’s FAQ relating to Anthem providing one year’s free credit monitoring services for those customers who were affected by the hack.
 
Customers have filed lawsuits against Anthem in Indiana, California, Denver, Georgia and Alabama, among others. Customers have primarily accused Anthem of failing to adequately protect their information.
 
What could be the impact of such stolen data on customers?
Identity theft using the stolen personal data is one of the primary threats that consumers face.