
An Apple A Day: Anthem Health Insurance Breach Exposes 80 Million Records

As the old adage goes, an apple a day keeps the doctor away. In the case of the just-announced Anthem Health Insurance data breach, an apple a day most definitely doesn’t keep the hackers away.

The Anthem breach

Anthem (formerly WellPoint) is one of the largest health insurance providers in the United States. Yesterday they disclosed a massive data breach that may have impacted up to 80 million people. As their president and CEO noted in the disclosure:

Despite our best efforts, Anthem was the target of a very sophisticated external cyber-attack.


All the details are still being unraveled, but it appears that the attackers gained unauthorized access to Anthem’s systems that store both current and former customer names, birth dates, medical IDs, social security numbers, employment information and some income data. There is currently no evidence that credit card or medical information such as test results was targeted or compromised.

Attribution of the breach is always a whack-a-mole project, but multiple sources are now reporting that there is some evidence that points to Chinese state-sponsored hackers who are stealing personal information from healthcare companies for purposes other than pure profit. According to Dell SecureWorks, complete health insurance credentials sold for $20 apiece on underground markets in 2013, which is 10 to 20 times more than a U.S. credit card number with a security code. And stolen health insurance credentials that included dental, vision, or chiropractic plans associated with the health plan increased the value by $20.

Once the attack was discovered, Anthem immediately made every effort to close the security vulnerability, contacted the FBI and began fully cooperating with their investigation.

Back in 2010, WellPoint was fined $1.7 million for a data breach that impacted 612,000 people and resulted in the disclosure of personal information. The fine was levied by the United States Department of Health and Human Services (HHS) for inadequately implementing policies and procedures to protect unsecured electronic PHI (protected health information) which is covered by HIPAA compliance standards. The healthcare sector is experiencing cyberattacks at an alarming rate and is currently one of the most susceptible industries to these types of breaches. The 2014 Verizon Data Breach Report noted that the healthcare industry was behind the curve from a security standpoint, which makes these data breaches all the more likely to occur again.

Tenable can help the healthcare industry

Tenable’s continuous network monitoring solution, SecurityCenter Continuous View™ (SecurityCenter CV™), enables healthcare organizations to clearly see their infrastructure, simplify the IT environment, and better protect the business. The platform enables continuous discovery, assessment, and reporting on every component of the network against a security policy — giving healthcare organizations superior visibility into the risks to their business, so those risks can be measured and mitigated.


Tenable enhances day-to-day security operations, helping resource-strapped healthcare organizations meet multiple compliance demands, while simultaneously strengthening defenses. SecurityCenter CV integrates with and correlates data from existing security technologies, helping security teams orchestrate, optimize, and manage their defenses more efficiently. SecurityCenter CV also offers role-based administration, reporting, built-in security analytics, and an expanding collection of dashboards. The Tenable continuous network monitoring solution delivers the insights that security operations and incident response teams need to respond faster and more effectively. Targeted dashboards, like the HIPAA Monitoring Summary Dashboard, help healthcare organizations assess vulnerabilities at a glance.

Lessons learned

This week’s breach at Anthem will likely be the largest healthcare-related breach to date, and the ripple effects are just now beginning to be felt. Thankfully for Anthem stockholders, shares have held steady since the news broke. There will assuredly be major expenses to make sure this doesn’t happen for a third time. But Anthem is in the business of billing doctors and collecting premiums from group plans – not cybersecurity. As long as Anthem can deal swiftly and effectively with the fallout, there’s no reason to think this will have a chilling effect on doctors and the general public. But healthcare organizations have been warned to harden their security policies and protect their data.

 
