Page 17 - index
P. 17
Anthem data breach – A Wakeup Call for Us All
US Health insurance giant Anthem confirmed last month that data (demographic and indicative
in nature) on approximately eighty (80) million customers was stolen by hackers. The stolen
data / information in question turned out to be names, birth dates, social security numbers,
street addresses, email addresses, and employment information per Anthem. It is safe to
assume that the attack Anthem experienced was an attack that went unnoticed for months
inside the organization perhaps starting in December of 2014, while others are reporting this
attack could have started in April of 2014.
In 2014, according to Healthcare IT News; healthcare has surpassed retail as the sector with
the highest number of reported security / data breaches. Not only is patient data at risk;
intellectually property concerning medical device development, advanced medical research,
drug discoveries and research, even information regarding medical / drug trials are all high-
value assets that are attractive to data thieves / hackers. This shouldn’t come as a surprise to
anyone that a giant within the healthcare sector was targeted in this most recent highly
publicized attack.
Every individual should be extremely concerned about the Anthem security breach and the
growing trend of cyber criminals focusing on healthcare data. This focus by cyber criminals
represents the emergence of a huge threat surface that potentially puts millions of consumer
identities at risk; including the possibility of putting healthcare innovation at risk.
The “Risk” Contextualized
Cyber-crime / theft is the new breed of organized crime that generates a significant return on
their investment via illicit trading of personal / sensitive data. The black market (dark web) is a
thriving market that provides a vehicle for cyber criminals to exchange for profit information
acquired from security / data breaches.
However; a data breach like Anthem is a unicorn event that cyber criminals strive to achieve
due to the plethora of sensitive and highly commoditized information acquired: Names,
birthdates, Social Security numbers, income, family information (children, parent, next of kin),
insurance information, even financial information (bank accounts and credit cards).
A breached organization can offer free credit monitoring for a number of months, which is
helpful if the only credit card information is stolen during the security / data breach. Consumers
have the ability to cancel a stolen credit card and request a new credit card number –
consumers do not have the ability to request a new identity: names, birthdates, social security
numbers, family information can’t be canceled and reissued. Once sensitive information of this
nature is acquired by cybercriminals; they can use this information literally forever.
Picture for a moment how beneficial it would be for a hacker to have indicative data like annual
income for each person whose records have been stolen. Knowing the annual income allows a
cybercriminal the ability to determine who they want to steal. Simply sorting by annual income
enables a cybercriminal to determine their most profitable victims – pretty simple. If your record
is chosen; a cybercriminal can inflict irreparable damage before the victim is even aware
someone is posing as them – taking a major loan out in their name, forging checks, even
acquiring credit cards.
17 Cyber Warnings E-Magazine – March 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
