Major Breach at Health Insurer Anthem: 80 Million Records Compromised
As many as 80 million records at the major insurance company Anthem were compromised recently in a hack of which the company still does not know the entire scope. The information available to the hackers included social security numbers. It was exactly the sort of information that would be needed to steal identities.
The company emphasized that the information potentially stolen would not relate to insurance claims, overlooking the fact that the data could be used to establish credit accounts under the names of the customers.
The Largest Breach on Health Care Company Ever
This breach is believed to be the largest ever by a health care company. The last major attack on a health care related firm was the hack of Community Health Systems Inc. which resulted in the theft of millions of patient records. This led the FBI to issue a general warning that health care related companies would be targeted in cyber attacks going forward, partially because the data available in such troves is so valuable to identity thieves. For the people actively hijacking the data, each identity is a bit of money. But to the people buying the information, it can be worth a great deal more as they maximize the use of the data.
By the time the story of the breach had reached the press, Anthem was working with the FBI and cybersecurity firm Mandiant to examine its computer system for vulnerabilities. While there’s no question there certainly was at least one exploitable vulnerability in the system, the breach serves as a reminder to other companies to practice sound computer security. After all, in this attack, it was not just employee records and company data which was exposed, but the data of customers, which opens up a whole new legal debacle.
The question of whether it is possible to secure large computer networks comes up continually going forward. One thing which becomes clear with the recent hacks of Sony and now Anthem is that companies need to invest in security wherever possible. When they have the sort of resources these firms do at their disposal, it makes no sense that their networks are not locked down with the top of the line in security. It would be a necessary and relatively small expense as compared to the problems that arise when a breach like this happens.
Indeed, Anthem will not be the last company to get hacked, nor even the last major company. What will become an issue is whether these companies are responsible when customer data is stolen and then used to establish damaging accounts. Increasingly, it would seem to make sense for companies to keep as little customer data on file as possible, thereby minimizing the value of a successful attack on their database. Because in the end there is no such thing as a truly secure network. All networks will always be subject to attack, and therefore a method to ensure that sensitive data is not stolen is to not keep it in places it does not need to be kept.
Hacked will work to keep you abreast of new attacks as they surface.
Images from Shutterstock and Wikimedia.