In early February, US health insurer Anthem Inc. made public that it was the victim of one of the largest cyber attacks in history. Hackers were able to make off with tens of millions of records from a database with as many as 80 million records. These records contained personal information of both current and past customers, as well as Anthem staff members. Even CEO Joseph Swedish had his personal data compromised.
This attack affected several of Anthem’s subsidiaries, including Anthem Blue Cross and Blue Shield, Empire Blue Cross and Blue Shield, Amerigroup, Healthlink, and Caremore.
According to Anthem’s website, its affiliated companies serve nearly 69 million people. The company is the second largest health insurer in the US, and one out of every nine Americans has healthcare coverage through one of Anthem’s subsidiaries, if not through Anthem directly.
In addition to informing the Federal Bureau of Investigation, which is investigating the attack, Anthem also hired the cyber security firm Mandiant to aid in the investigation. Mandiant will be helping to evaluate Anthem’s computer systems, as well as fix any other vulnerabilities.
Anthem is offering identity theft repair and credit monitoring services to customers who were affected by this breach. If you are a customer of Anthem or any of its affiliates, and you believe that your personal data may have been compromised, you can sign up for these services here.
Why Hackers Want to Steal Your Data
Anthem stated that the hackers had “obtained [personally identifiable information (PII)] from current and former members such as their names, birthdays, medical IDs/social security numbers, street addresses, email addresses, and employment information, including income data.” They also stated that there was no evidence that credit card or medical information was stolen. However, even without credit card information, hackers can still do a huge amount of damage.
PII can be used to commit such crimes as stealing tax refunds or breaking into bank accounts. It can even be used to obtain medical treatment or secure loans and new credit card accounts in the names of the victims.
As you can see, identity theft can cause far more serious problems than the simple loss of a credit card number. A credit card number can be quickly canceled, but identity theft can cause life-altering problems. According to Reuters, the black market value of stolen health credentials is 10 to 20 times higher than that of stolen credit card numbers.
In an attempt to capitalize on the Anthem breach, other hackers are already sending out phishing emails, trying to scam individuals into sending them their PII by claiming to be Anthem representatives in charge of rectifying the breach. These hackers are not believed to be the same hackers that compromised Anthem’s computer systems. As you can see from the example above, hackers can make a lot of money from phishing attacks, even if very few individuals take the bait.
What You Should Do to Protect Your Company
In 2014, hackers stole large amounts of data from several organizations, including Home Depot, Target, Staples, JP Morgan Chase, Sony, Community Health Services, and even the US Postal Service. With such major players suffering from attacks to their data networks, it is safe to assume that blindly following the reactive security practices of large organizations will only lead to trouble. Small companies must take a more proactive approach.
Probably the most important approach small companies can take to cyber security is to educate their employees about the variety of hacking techniques out there, as well as how to spot fake emails and other scams. Having a strong relationship with their IT service provider can be an additional asset in securing your company’s computer network.
It is just as important to choose an IT service provider that specializes in security and who can provide insight into data backup, disaster recovery, encryption, regulatory compliance, and more.
A good disaster recovery program is key to data security. IT service providers should be able to provide the solutions and education necessary for companies to protect themselves from data loss and to help them create the right processes to recover data quickly in the event of a breach or failure.
At Integrative IT, we use specialized tools to scan and fix security threats and regulatory compliance issues on our customers’ networks. To learn more, contact us today.