Healthcare organizations need to take several key steps to protect their environments from the type of cyber-attacks that recently affected Anthem and Premera Blue Cross, says security expert Mac McMillan.
“If we could just start eliminating some of the easy ways that attackers can get in, that more than anything will have the biggest impact,” McMillan says….
The note that arrived in the mail, dated March 25 and addressed to my grade-school-age daughter, said what we had expected and feared: Like tens of millions of other Americans, including untold numbers of children, she may have fallen victim to thieves who gained access to Social Security numbers and other personal data from the health insurance giant Anthem….
Following a recent data breach that may have exposed the personal information of as many as 80 million current and former customers and employees, health insurance provider Anthem has refused to allow the federal Office of Personnel Management’s Office of the Inspector General (OIG) to conduct vulnerability scans of its systems, GovInfoSecurity reports.
Anthem also refused to allow the OIG to conduct similar vulnerability scans in 2013.
The OIG told GovInfoSecurity that Anthem refused to permit it to conduct “standard vulnerability scans and configuration compliance tests.”
Even though there are lots of great, critical posts and news pieces about the Anthem breach, they haven’t come close enough to this truth: Anthem may be the worst breach we’ve ever seen, and it is in any event a wake-up call to our health care system, our government and every sector of our economy that has not rethought identity protection, because it will be followed by more and more similarly dangerous breaches that make the credit card breaches of the last few years look like nothing, not to mention the even more serious breaches of the critical infrastructure and the internet of things in our homes.
Let’s imagine you were a very sophisticated national government wanting to do harm to the US through cybercrime against personal information….
The cyberattack on Anthem, one of the nation’s largest health insurers, points to the vulnerability of health care companies, which security specialists say are behind other industries in protecting sensitive personal information….
It’s ugly news. Healthcare record storage is where we’re flat-out vulnerable, yet there’s little we can do to protect our information when it’s in someone else’s hands.
In this instance, Anthem didn’t even have your records encrypted (and lord knows they can afford to do so). Apparently, encrypting your data would have been inconvenient….
We all know breaches are terrible, but in today’s world they happen almost monthly. Why then does the Anthem breach have everyone so scared?
First, this is the very first large-scale breach that contained medical information, one of our most personal pieces of data. That’s scary.
Second, it is now being reported that the breach may have been initiated in China or another foreign country. So now my medical data is in China? That’s really scary.
Lastly, children’s information was part of the breach. Now this is the part we should be really scared about….
What You Need to Do to Protect Yourself if you are an Anthem, Blue Cross or Blue Shield customer….
Fraudsters and hackers have seized on this week’s massive hack of Anthem — the second largest health insurance company in the US — as an opportunity to perpetrate phishing scams. Subscribers, past and present, to Anthem services like Blue Cross-Blue Shield have started receiving phishing emails that purport to be from the company.
Beware of phony emails and phone calls
Emails promise free credit monitoring service, and encourage recipients to click on a link in the email to enable a free year of credit card protection. Anthem has confirmed that while it will be offering a credit monitoring service, it has not yet sent out any such emails.
Making matters worse, some have received cold calls from fraudsters who claim to be with Anthem….