Healthcare Security Breach
The security breach at Anthem is the largest health care breach to date as pointed out by Mandiant, and we believe it’s in the top 5 security breaches of all times across any industry. This and recent breaches such as Home Depot and of course Sony Pictures Entertainment, is a clear sign that even companies with extremely robust IT infrastructure are at risk of potential attacks and malicious destruction or theft of personal data, especially for healthcare security breach.
Health care data is extremely sensitive and the issue of protection is already very important and governed under HIPAA rules. The fact that so many dollars have already been invested in HIPAA compliance are proof that protecting this data has been taken very seriously. But keep in mind that today’s attack was not about health care or financial information, it was clearly aimed at getting personal data. We believe the big story here is that this represents 80 million potential identify thefts.
All of the major players including Amazon, Microsoft, Google, Apple and Samsung have world class IT infrastructure and security systems firmly in place. Apple surely deserves a credit for trying to limit the use of personal information for data mining, but that really addresses the marketing and spam issues, not these types of sophisticated attacks. Unfortunately it’s a never ending battle as new systems and new features will almost always introduce new vulnerabilities that can be exploited by sophisticated hackers.
It’s unlikely that these types of attacks will stop regardless of how tight a security system is, but the key take away is that security is an ongoing process that needs to continually be refined and improved over time. Companies of all sizes need to take security seriously, have the necessary software, people and processes in place, and make sure that each employee understands these processes and their individual role in securing the company’s data. And it’s no longer just companies with large data centers that are at risk. As companies move to cloud based services such as Microsoft Office 365, Salesforce and Box, they need to ensure that the data stored in these services is secure and available for recovery in the event of accidental or malicious destruction of data.
Read CloudAlly’s comment featured on the Fast Company article about the Anthem Breach