System Hack of Anthem Health Insurance Company
USA’s second largest health insurance company Anthem alerted the public as well as its customers that hackers had managed to infiltrate their systems and steal information belonging to over 80 million of the business customers. This occurrence set the record for the world’s largest network breach ever to happen to an insurance company in the year 2003.
The personal information stolen belonging to the members included birthdays, residential addresses, email addresses, medical identification numbers, social security numbers. Income tax information that belonged to all the former and the current employees of the company including its very own chief executive officer were also stolen. 80 million is an enormous number, roughly the combination of the populations of Texas, California, and Illinois. So far, investigations are still ongoing. According to the company’s vice president Kristin Binns, there is still insufficient evidence to conclude that the customer’s personal and medical information was compromised.
How the Information Breach Occurred
Now the big question pops up. What went wrong in the second largest insurance company in the USA that led to 80 million of its customers being exposed to a huge cyber hack? The attack could be due to a significant vulnerability in the company’s security systems (Orr, Tamra 2008). Many cyber experts say that Anthem did not take precautions in protecting their systems from hackers. They did not use encryption to protect its information in the very same way it used to protect information shared or sent outside their database.
Anthems spokesman say that they don’t exactly know the people behind the attack, but many consultants have pointed out that recently, hackers from Chinese have shown enormous interests in getting information from renowned healthcare companies. The most suggested method was that the hackers managed to enter into the systems through very sophisticated software programs. The programs allowed them to gain access to login credentials of one of their employees. This breach therefore gave the hackers access to data of the over 80 million customers.
Loopholes in the System
Although it is not definite how hackers managed to get into the company’s system, it is evident that some gaps and weaknesses existed in the way the information was handled and transferred in the systems. The major weakness being attributed to the hack is the failure to use encryptions in being able to access the data. This measure would have at least prevented the hack or to some extent delayed the hackers’ success in accessing the system. Anthems systems, according to cyber experts, did not concentrate as much on the security matters of the data but rather data handling. This situation gave way and made it easier for the hackers.
Effect of the Hack to Anthem’s Customers
No cases have come out yet where the original members of the health insurance company have emerged to report cases of malicious conmen. The situation although led to many non-members being dragged into giving out personal information and to some extent being robbed.
When information about the hack came out to the whole public, many cyber criminals went out to take advantage of the breach. They started persuading people to take up credit protection services that made them provide personal information.
The Company’s insurer warned the customers about scams that targeted mostly the former and present customers whose information was suspected to be out following the breach. Anthem further notified its customers to avoid emails that may appear to come from anthem and sometimes request recipients to click on a link in the email so as to obtain credit monitoring. The company further said that it would not send any email warnings to its customers because the hack is much severe and deeper than it may appear. To avoid all these, it would communicate to its clients via emails delivered by the postal service of the US. It would also not call its members on issues of the hack and also not ask for any information regarding credit cards and social security numbers via email or phone.
As a measure to protect its customers from being exploited, anthem advised them to:
- Take up the offer of Credit monitoring. This action will help the members in being aware if anyone attempts to open a bank account or get credit cards using the members’ names.
- Monitor their credit and bank accounts statements more carefully
- Reach out to credit reporting companies and make a fraud alert that will add some protection and also them alert in case of any attempt to have accounts opened using the member’s name.
However, the biggest misfortune by the customers would be in the case of damages. It would be so hard to sue Anthem. The customers would have to prove that their problems were as a result of the breach and also be able to track back to the hackers who made the attack. The Government could also come in and sanction Anthem but that would not necessarily help a customer who may have experienced financial losses.
Effect of the Breach to the Company’s Reputation.
Clearly, the reputation of the company has been damaged by the attack. A research carried out indicated that many people would opt for other insurance companies rather than Anthem. To prove this further, a woman from California sued Anthem for the failure to secure and protect the customer’s information and including addresses, birth dates, and social security numbers. This suit further brought down the company’s reputation. All the information taken from the corporation’s systems would be all any customer would have to worry about when identity theft arises. The information would be all that would be needed to come up with a new bill in one’s name or even register for a lot of activities.
“Companies that store personal data for customers have a responsibility of keeping it and protecting it ensuring that it is safe, and this fails anthem as an insurance company”(25). A response from one of the firm’s customer during an open interview. “Being that no financial information was taken from the systems does not make it any good since all data has a value, and no data is ok to get lost”(30).
Measures Taken By Anthem to Protect Its Systems
Since the attack, anthem has been trying to find measures to prevent further attacks into their systems. System protection is not just a simple thing to manage. It is considered as a cat and mouth game where no matter how many cats you deploy to watch for the mouse, the mouse will continue to advance its tactics to turn the house upside down. Such a case also happens to the information system. No matter how secure the systems are, hackers will always find ways of infiltrating them and getting information, so the major thing here is to check the system continuously and enhance it regularly.
This situation would require monitoring all the activities in the entire network at one particular time including who, when and where the data is being moved or altered. In addition to the technological tools that enable Anthem to see whoever is in the network and exactly what they are doing. It has offered education to all its system users and not just the ones in the information system unit. This knowledge will enable the employees to monitor the systems and also identify any breach as quick as possible.
Anthem has come up with a system where some of the most important information is encrypted therefore giving exclusive access to the data to only specific users of the system. It is a common problem for most hospitals (Hodge, Samuel 2014). When dealing with patient’s data, it should always be encrypted in areas that are vulnerable to breach. Another measure would be to store the data in an outside system where there is no appropriate protection rather than employing more sophisticated systems that are vulnerable: by print.
Medical Records. Comprehensive training to employees is also a measure that Anthem has taken to keep their customer’s data safe. The biggest threat to any health insurance company would be the same workers in the enterprise. Many researchers have shown that numerous businesses do not expect the actions of their very own employees to ease the work of hackers. Alongside that, employees are also reminded to double check email requests e.g. requests to confirm email passwords just to be sure the emails are from legitimate sources.
All the antivirus programs on the network devices and computers are regularly updated in Anthems systems making it easier to inspect, detect and to do away with any malicious element designed to manipulate the systems network.
Anthem, Inc. New York, NY: Datamonitor, 2000. Internet resource.
Journal of Data Management. Mount Morris, Ill, 1963. Print.
Orr, Tamra. Privacy and Hacking. New York: Rosen Central, 2008. Print.
Medical Records. Minneapolis, MN: Minnesota Institute of Legal Education, 2001. Print.
Hodge, Samuel D. Mastering Medical Records. , 2014. Print.
We have the capacity, through our dedicated team of writers, to complete an order similar to this. In addition, our customer support team is always on standby, which ensures we are in touch with you before, during and after the completion of the paper. Go ahead, place your order now, and experience our exquisite service.
Use the order calculator below to get an accurate quote for your order. Contact our live support team for any further inquiry. Thank you for making BrilliantTermpapers the custom essay services provider of your choice.