The health insurer Anthem Inc., which manages Blue Cross plans across a dozen states, recently announced that a hacking incident has compromised a database containing personal information of nearly 80 million individuals worldwide. Anthem believes that the unencrypted compromised information could include current and former members? and employees? names, birthdates, medical IDs/Social Security Numbers, Street and email addresses, and employment information. The Anthem breach is a warning signal to the healthcare sector that outsiders see great value in the data maintained by healthcare providers, health plans and business associates. Chinese hackers are believed to be behind this attack as per some news reports.
The data breach at Anthem Inc., the largest breach across the healthcare industry, since the enforcement of HIPAA breach notification rule provides a lesson for the healthcare establishments to beef up their preventive and proactive measures, to guard healthcare database from hackers. In a technology centred business world, enterprises need to efficiently evaluate their networks and scan for any loopholes so as to protect their data bases from the prying hands of the cyber criminals.Investigations are on to locate the culprits; some news reports believe that role of Chinese hackers in the Anthem breach. This incident has not only strengthened the need for adherence to HIPAA Compliance Regulations by healthcare businesses and their business associates but also serves a marked reminder of the importance of HIPAA covered entities? and BAs? to assess and address professionally the risks to electronic personal health information( ePHI).
This incident is a stared reminder for the need for a systematic risk analysis and risk management system for the techno-centric healthcare establishments and business associates. Even as experts look into lack of encryption as a major cause of breach, data encryption is no silver bullet against data breaches.
The Anthem data breach is a cautionary call to all healthcare businesses for addressing the need to ensure compliance to security controls as detailed under the HIPAA/HITECH regulations.
Conclusion
While recent investigations point towards “backdoor malware” as also a cause for such large scale data breach at Anthem Inc, intelligent continuous monitoring and analysis system would have been able to detect the Anthem attack very early. Aegify Security Posture Management tool is optimized to prevent exploits across the entire IT infrastructure. Its unique flexible cloud-based architecture not only scans single as well as multiple assets, its enterprise-class protection scans for more nearly 32,000 vulnerabilities using about 92,000 checks across physical and virtual networks, operating systems, databases, and Web applications. Moreover, it’s automated compliance mapping system deployed across physical and virtual network environment ensures continuous monitoring of security, risk, and compliance with real-time status. The Security Posture Assessment and Management Tools will help enterprises protect their data from such breaches.
