US healthcare provider Anthem Inc. has come under fire for failing to protect confidential health data
US healthcare provider Anthem Inc. has come under fire for failing to protect confidential health data, following the hacking and theft of information from a database with confidential information about 80 million patients.
On Wednesday, the company admitted that hackers had gained access to “personal information relating to consumers and Anthem Blue Cross employees who are currently covered, or who have received coverage in the past.” This included names, dates of birth, social security numbers, member ID numbers, addresses, phone numbers, email addresses and employment information, but not, apparently, medical information or credit card numbers.
“Cyber attackers executed a very sophisticated attack to gain unauthorized access”, the statement read.
The company has been heavily criticised for failing to encrypt patient data – a precaution that may have stifled the hacking operation.
“It is irresponsible for businesses not to encrypt the data,” said Trent Telford, chief executive of Covata, a large data security firm in Virginia. “We have to assume the thieves are either in the house or are going to break in. They will always build a taller ladder to climb over your perimeter security.”
Kevin Epstein, vice president of advanced security and governance at email security vendor Proofpoint, believes that in the main healthcare companies do not have the same concern for security of data as retailers or financial services companies. Breaches like the one at Anthem are, he said, “a scathing indictment of how at a board level, security has not been a crucial issue to date.”
Anthem breach indicative of a failure to protect privacy
- Can machines be moral? - March 7, 2021
- Can we synthesise Christianity moral theology with secular bioethics? - November 28, 2020
- Euthanasia polling data may fail to capture people’s considered views - August 15, 2020