Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Anthem's Data Breach – Just the Beginning?

February 9, 2015

Health insurance company Anthem announced on February 4th that it had suffered what appears to be the largest breach ever in the health insurance industry, affecting about 80 million people.

Once the dust had settled slightly, The New York Times carried a good article on the breach. Anthem, one of the country’s largest health insurers, said the hackers did not appear to have stolen information about its customers’ medical claims. But medical identification numbers were taken, along with Social Security numbers, addresses and e-mail addresses, which could be used for medical fraud.

Medical identify theft is growing because it pays. In black-market auctions, complete patient medical records tend to fetch higher prices than credit card numbers. One security expert said that at one auction a patient medical record sold for $251, while credit card records were selling for 33 cents.

Signs continue to point to China as the source of the attack, but it is unknown whether this is a state-sponsored attack or simply cybercriminals.

Patient medical records typically include information not easily destroyed, including date of birth, Social Security numbers and even physical characteristics that make them more useful for things like identity theft, creation of visas or insurance fraud by fraudulently billing for expensive medical or dental procedures that were either never performed or performed on someone else. Some criminals have also tried a form of ransomware in which they threaten to reveal medical information unless they are paid. Creative SOBs, these hackers.

About 90 percent of health care organizations reported they had at least one data breach over the last two years, according to a survey from the Ponemon Institute, a privacy and data protection research firm. The founder, Larry Ponemon, a security expert, says most were because of employee negligence or system flaws, but a growing number are malicious or criminal.

And, if history holds true, having successfully breached one insurer, the attackers will try to breach others. Because that, apparently, is where the money is.

E-mail: Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology
http://www.senseient.com
http://twitter.com/sharonnelsonesq
www.linkedin.com/in/sharondnelson

Sharon D. Nelson, Esq.
President

Subscribe in a Reader

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Ride the Lightning

Anthem's Data Breach – Just the Beginning?

Subscribe for More!

Recent Posts

Listen to the Podcast

Disclaimer