Tuesday, February 10, 2015
Ruled a violation of the Health Insurance Portability and Accountability Act (HIPAA), the event compromised 612,000 individuals insured at WellPoint Inc. Anthem Insurance Co. acquired WellPoint Health Networks Inc. in 2004 and named the combined company WellPoint Inc. In 2014, the company changed its name to Anthem Inc.
Anthem is bracing for an additional 1.5 million in fines for the current breach, which could affect up to 80 million customers and employees. Healthcare and security analysts alike are wondering how the healthcare giant could have failed to implement better security measures after the initial breach exposed vulnerabilities in its security infrastructure.
“Companies in the healthcare and payments industries have an ethical responsibility to protect customer data,” said Mike Ackerman, Chief Executive Officer of San Diego-based DigiPay Integrated Technology Solutions. “The big story is not this week’s report of a data breach at Anthem, but the fact that it follows a relatively recent incident that led to expensive fines, affected tens of thousands of customers, and damaged the company’s brand.”
HIPAA regulations give Anthem a 60-day window to officially report the breach, and the company has already begun to contact its customers. It is also working with Mandiant, a computer security company, to evaluate its security infrastructure. In addition, Anthem is offering free credit screening to anyone whose name, address, Social Security number and medical data may have been stolen by hackers.
In a statement posted on the company’s website, Anthem President and CEO Joseph Swedish described the incident as a “sophisticated external [cyber attack]” with far-reaching effects. “Anthem’s own associates’ personal information – including my own – was accessed during this security breach,” he stated. “We join you in your concern and frustration, and I assure you that we are working around the clock to do everything we can to further secure your data.”
Attacks against healthcare companies accounted for 42.5 percent of all reported data breaches in 2014, according to an Identity Theft Resource Center survey.
Security failures at WellPoint in 2010 and the Anthem breach currently being investigated have exposed the names, dates of birth, addresses, Social Security numbers, telephone numbers and health information of millions of consumers whose sensitive medical data was in the clear. Failure to encrypt and tokenize HIPAA-protected data has put millions of insured individuals in harm’s way.
The FBI warned consumers to be extra vigilant. FBI spokesman Joshua Campbell said the FBI “is aware of the Anthem intrusion and is investigating the matter,” and encouraged consumers to report suspicious activities to the FBI's Internet Crime Complaint Center at www.ic3.gov.
A report published April 30, 2014, by the Institute for Health Technology Transformation stated that a majority of healthcare data security breaches are caused by lost or stolen devices that can expose an entire healthcare network to a cyber attack.
Following are the institute’s recommendations for securing health data in an increasingly mobile world
To obtain the full report, visit ihealthtran.hs-sites.com/iht2-healthcare-security-report.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.