Arraya Insights | February 9, 2015
Even though many of us are still struggling with remembering to write 2015 and not 2014, we may already have a winner for the biggest hack of the New Year. That unfortunate distinction falls on the Indianapolis, IN-based Anthem, Inc. Anthem, the nation’s second-biggest health insurer, has announced a data breach which could affect a truly staggering 80 million people.
Anthem believes the names, birthdays, addresses and Social Security numbers of current and former customers, as well as employees, were exposed by the breach. At this time, the insurer doesn’t believe hackers were able to gain access to sensitive medical records or credit card or bank account numbers.
The investigation into the mega-breach is still ongoing, so the number of people affected – as well as what was nabbed – could fluctuate. Still, Anthem has already admitted it’s likely that “tens of millions” of records were stolen, so it’s doubtful this whole thing is being blown out of proportion. If that 80 million figure turns out to be true, it would top many of the other high-profile, headline-grabbing hacks from the last few years. For example, the J.P. Morgan breach compromised contact information for about 76 million households and Target’s cyberattack affected 40 million payment cards.
If you only look at the healthcare industry, then the Anthem breach becomes essentially unprecedented in magnitude. It dwarfs the previous largest confirmed hacker theft in the healthcare sphere, which was last year’s digital break-in at Community Health Systems, Inc., a hospital operator. That breach involved the records of 4.5 million customers.
Security experts quoted in The Wall Street Journal have called the breach “sophisticated,” and the prevailing theory is that those responsible made use of specialized, “very advanced” techniques instead of more readily available tools. That means this probably wasn’t just any garden-variety band of hackers.
There’s some speculation right now that both the Community and the Anthem breaches originated from the same place: China. According to MSN, a few security pros are kicking the tires on the idea that the Anthem breach was really part of a state-sponsored effort to uncover personal info on US defense contractors, but nothing has been confirmed.
Of course, there’s always the possibility this attack had less-nefarious motives behind it and was simply done for the money. Medical records can fetch a pretty penny on the black market. In fact, they’re even more valuable than certain financial records. According to some estimates provided by NPR, medical records could net a hacker $40-50, while credit card account information may only be worth $4-5.
That could put a giant bull’s-eye directly on any organization tied into healthcare, making proper and hardened IT security an even more critical concern for the vertical. The Federal Government is so interested in security that it’s a core part of its recent strategic Healthcare IT plan for 2015-2020. A no-cost security architecture consultation from Arraya can help you secure weaknesses before they can be exploited by hackers. Speak to your Arraya Solutions Account Executive to hear more or click here to set up your free consultation.