Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Blog

Subscribe

An Apple A Day: Anthem Health Insurance Breach Exposes 80 Million Records

As the old adage goes, an apple a day keeps the doctor away. In the case of the just announced Anthem Health Insurance data breach, an apple a day most definitely doesn’t keep the hackers away.

The Anthem breach

Anthem (formerly WellPoint) is one of the largest health insurance providers in the United States. Yesterday they disclosed a massive data breach that may have impacted up to 80 million people. As their president and CEO noted in the disclosure:

Despite our best efforts, Anthem was the target of a very sophisticated external cyber-attack.

Complete health insurance credentials sold for $20 a piece on underground markets in 2013

All the details are still being unraveled but it appears that the attackers gained unauthorized access to Anthem’s systems that store both current and former customer names, birth dates, medical IDs, social security numbers, employment information and some income data. There is currently no evidence that credit card or medical information such as test results were targeted or compromised. Attribution of the breach is always a whack-a-mole project, but it is now being reported by multiple sources that there is some evidence that points to Chinese state-sponsored hackers who are stealing personal information from healthcare companies for purposes other than pure profit. According to Dell SecureWorks, complete health insurance credentials sold for $20 a piece on underground markets in 2013, which is 10 to 20 times more than a U.S. credit card number with a security code. And stolen health insurance credentials that included dental, vision, or chiropractic plans associated with the health plan increased the value by $20.

Once the attack was discovered, Anthem immediately made every effort to close the security vulnerability, contacted the FBI and began fully cooperating with their investigation.

Back in 2010, WellPoint was fined $1.7 million for a data breach that impacted 612,000 people and resulted in the disclosure of personal information. The fine was levied by the United States Department of Health and Human Services (HHS) for inadequately implementing policies and procedures to protect unsecured electronic PHI (protected health information) which is covered by HIPAA compliance standards. The healthcare sector is experiencing cyberattacks at an alarming rate and is currently one of the most susceptible industries to these types of breaches. The 2014 Verizon Data Breach Report noted that the healthcare industry was behind the curve from a security standpoint, which makes these data breaches all the more likely to occur again.

Tenable can help the healthcare industry

Tenable’s continuous network monitoring solution, SecurityCenter Continuous View™ (SecurityCenter CV™), enables healthcare organizations to clearly see their infrastructure, simplify the IT environment, and better protect the business. The platform enables continuous discovery, assessment, and reporting on every component of the network against a security policy — giving healthcare organizations superior visibility into the risks to their business, so those risks can be measured and mitigated.

The healthcare industry was behind the curve from a security standpoint

Tenable enhances day-to-day security operations, helping resource-strapped healthcare organizations meet multiple compliance demands, while simultaneously strengthening defenses. SecurityCenter CV integrates with and correlates data from existing security technologies, helping security teams orchestrate, optimize, and manage their defenses more efficiently. SecurityCenter CV also offers role-based administration, reporting, built-in security analytics, and an expanding collection of dashboards. The Tenable continuous network monitoring solution delivers the insights that security operations and incident response teams need to respond faster and more effectively. Targeted dashboards, like this HIPAA Monitoring Summary Dashboard, help healthcare organizations assess vulnerabilities at a glance:

Lessons learned

This week’s breach at Anthem will likely be the largest healthcare related breach to date and the ripple effects are just now beginning to be felt. Thankfully for Anthem stockholders, shares have held steady since the news broke. There will assuredly be major expenses to make sure this doesn’t happen for a third time. But Anthem is in the business of billing doctors and collecting premiums from group plans – not cybersecurity. As long as Anthem can deal swiftly and effectively with the fallout, there’s no reason to think this will have a chilling effect on doctors and the general public. But healthcare organizations have been warned to harden their security policies and protect their data.

 

Related Articles

Cybersecurity News You Can Use

Enter your email and never miss timely alerts and security guidance from the experts at Tenable.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Try Tenable Web App Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.

Buy Tenable Web App Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try Tenable Lumin

Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.

Buy Tenable Lumin

Contact a Sales Representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.

Try Tenable Nessus Professional Free

FREE FOR 7 DAYS

Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

NEW - Tenable Nessus Expert
Now Available

Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.

Fill out the form below to continue with a Nessus Pro Trial.

Buy Tenable Nessus Professional

Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select Your License

Buy a multi-year license and save.

Add Support and Training

Try Tenable Nessus Expert Free

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Tenable Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Select Your License

Buy a multi-year license and save more.

Add Support and Training