Today we’ve learned that up to 80 million customers and employees of Anthem health insurance have had their personal information stolen. Initial reports indicate that the data loss includes names, birth dates, Social Security numbers, addresses and employment data including income.
All the information you need for effective identity theft.
The exact number of records lost is still being determined but Anthem themselves say it’s likely in the “tens of millions”.
The potential number of records and the type of information lost already make this, arguably, the worst data breach in US history, from an identity theft-risk perspective.
But two things make this situation even worse and should raise red flags.
Nearly a year ago, the FBI issued a warning that the health care industry was at risk. With today’s announcement we see that warning was well founded. And, we see what the consequences of a successful attack look like. Most of all, we see that this is a risk the entire industry faces—size and sophistication don’t matter.
Health care organizations need to heed the FBI’s warning from last year and put in place not just protections to prevent intrusions but countermeasures to detect when these intrusions take place. Even as we write, the odds are good that the networks of other healthcare organizations have already been breached and that data is being siphoned. The real question is how long it will be before we hear about it.
A lesson that the health care industry can take from last year’s retail data breaches is to collaborate and share information broadly and quickly. We know the attackers share information. And, while health care does have an information sharing and analysis center, more can always be done.
The Obama administration has recently called for more legislation to boost cybersecurity defenses and data breach notification. Because health care is such a heavily regulated industry, this latest event shows how important it is for these initiatives to include strengthening security around healthcare data.
This may be the first large healthcare data breach. But it won’t be the last. We have a chance to avoid a repeat of the history that afflicted the retail industry if the health care industry moves quickly and in partnership with public and private organizations.
Please add your thoughts in the comments below or follow me on Twitter: @ChristopherBudd.