Anthem Breach Highlights Weaknesses in Healthcare Tech
One of America’s top health insurers has been hit with a massive data breach that may date all the way back to April 2014, according to security experts. The breach, which is thought to have exposed sensitive data such as the Social Security numbers of millions of consumers, has even been linked to the Heartbleed Bug, a vulnerability that dates all the way back to 2011.
While a fix for Heartbleed was available in April, not every company heeded the warnings. Three months after the 2014 threat was announced, 300,000 websites were still unpatched. Experts have noted the similarities between Heartbleed and the Anthem incident, sparking speculation that the two might be related.
In addition to coming under fire for not notifying customers quickly enough, Anthem is being questioned over its lack of data encryption. Unfortunately, neither encryption nor an ironclad firewall would have prevented the attack on Anthem, since hackers may have gained access through five sets of employee credentials. The issue highlights the importance of training employees to avoid phishing attempts. Perhaps most alarming is the fact that the employees whose credentials were stolen were thought to be tech workers.
Healthcare at Risk
The Anthem event calls into question security measures currently being used at healthcare organizations around the country. The sensitive nature of information stored on systems at insurance companies and healthcare providers makes this type of access even more devastating.
While the Health Insurance Portability and Accountability Act (HIPAA) mandates strict security measures, information technology resources are all too often inadequate. With a shortage of affordable IT security professionals, many organizations now rely on a contractor to develop and maintain systems.
To avoid falling prey to security issues, healthcare organizations must step up their efforts to educate employees. With advanced detection in place and continual patching of vulnerabilities, IT departments can protect consumers against identity theft and fraud.