Anthem Medicare Suffers Large Data Breach Resulting from an Insider

Media Division | August 1, 2017

Various organizations continue to suffer extremely large data breaches in this day and age, though some industries tend to be much larger targets than others. One of these higher targets is healthcare related organizations because of the sensitive types of information that they can hold, which can be sold or used for fraudulent purposes. It is also important to note that all attacks and breaches do not necessarily originate from outside hackers, as there can also be insider threats with malicious intent. This was the case in a recent incident with Anthem Medicare.

How the Breach Came About

According to reports, the incident at Anthem may have exposed health data from over 18,000 Medicare enrollees. A consulting firm of Anthem called Launchpoint had discovered that an employee discovered that an employee of theirs had been involved in identity theft two months earlier, and upon further investigation, they had also found that that the employee had sent data regarding Anthem members to their personal email. LaunchPoint had then notified Anthem of this breach on July 14th. The data contained in the email included things like Medicare identification information and Social Security numbers. LaunchPoint had begun notifying members of the breach on July 24th, and on the same day, Anthem had reported the incident to the Department of Health and Human Services. The contractor at LaunchPoint has since been terminated, and they are also incarcerated on charges unrelated to the Anthem incident. In response to the breach, LaunchPoint has been reevaluating their security, and those affected will be provided two years of free identity theft restoration and credit monitoring services.

Unfortunately, this is not the first time that Anthem has suffered quite a severe breach. Back in 2015, hackers were able to gain access to the personal information of around 80 million people. There had been a class action lawsuit filed in regard to this incident, and last month, the health insurer had agreed to a settlement of $115 million over this. While still pending approval from a federal judge, this settlement would mark a record for a cyber breach incident. And in 2013, Anthem had also paid out $1.7 million for the purpose of resolving a federal complaint that they had exposed the health information of over 600,000 individuals as a result of inadequate online security. This should be a wakeup call for Anthem to better their own security, and thoroughly vet that of third parties.

The Necessity of Comprehensive Security to Prevent Cyber Attacks

Of course, insider threats are a real possibility that organizations need to be prepared for, but there are also numerous outsiders that need to be defended against. Realistically, many organizations these days have quite lacking cyber security. Their reasoning could be related to finances or a shortage of adequate personnel, but both of these things are just excuses most of the time. While the implementation of proper cyber security can be expensive in some cases, it is also an investment in the protection and longevity of the organization. A single attack of significant magnitude can factually cause an organization to fail, which is why they must ensure that they are completely able to prevent cyber attacks. Money really is no excuse in general, as once again, a single cyber attack can end up costing much more than it does to simply bolster security. Attackers and threats become more adept at compromising our various systems and networks every day, and organizations must realize this and act accordingly. Massive Alliance offers numerous tools and services that can help organizations of all types and sizes better prevent cyber attacks.

MEDIA DIVISION
Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.