Following the news of a massive data breach involving the customers and employees of Anthem, one of the largest health insurance providers within the United States, IT administrators within the healthcare IT sector are scrambling to make sure their own systems are up-to-date and protected from hackers.
The attack on Anthem, which occurred in early 2015, resulted in the exposure of personal information for approximately 80 million customers as well as employees with Anthem. More importantly, and perhaps even more disturbing, is the fact that the attack at Anthem is only one of dozens of data breaches that have occurred within the healthcare IT system since the beginning of 2014.
It’s safe to say that Anthem made a number of mistakes regarding their storage of personal information. For starters, they failed to provide any amount of encryption for this sensitive data. Despite this fact, IT experts are quick to point out that Anthem was operating in compliance with industry-specific security standards.
Alan Sager, a health-policy professor at Boston University, highlighted some issues that may be contributing to the latest data breaches within the healthcare sector. He was quoted as saying: “The ability of healthcare companies to compile data has grown far faster than their ability to protect it. For too many organizations it's more about maximizing revenue, while protecting patient confidentiality ranks at the bottom.”
However, the latest data breach involving Anthem certainly hasn’t gone unnoticed. In fact, many insurance providers are monitoring and reacting to the situation as it unfolds. Some have already taken action in order to correct their own shortcomings in data security.
Anjie Coplin, a spokeswoman with Aetna, spoke about the security protocol of her company as she talked about the recent incident with Anthem. She was quoted as saying: “We closely follow the technical details of every breach that’s reported to look for opportunities to continually improve our own IT security program and the health sector’s information protection practices broadly. This latest incident highlights the ongoing need for the health sector to move to a model that relies less on Social Security numbers. SSNs are highly marketable and valuable to hackers, and have been a standard part of the health care system for decades. The less SSNs are handled as part of business transactions, the smaller the opportunity that they can be exploited by hackers.”
Her comments refer specifically to the storage of Social Security numbers, which can be used to uncover other personal information. While the use of Social Security numbers provides an incredibly efficient means of matching electronic records to individual patients, they are also highly sought after by hackers and identity thieves.
Cigna spokesman Joe Mondy also mentioned the incident with Anthem in a separate interview. He was quoted as saying: “Cigna recognizes that the healthcare industry is a potential target for cybersecurity threats – and we take the safeguarding of our customer and business information very seriously. We are closely monitoring this situation. We have multiple system products that detect, log, and alert us to suspicious traffic. And Cigna computers have security software installed, and can only connect to our network when they’re running the latest anti-virus software and definitions.”
How Can The Healthcare Industry Ensure Data Protection?
Comments
No comments yet. Sign in to add the first!