Earlier this month, an online data breach at Anthem Inc., the second-largest health insurance provider in North America, exposed the medical information, Social Security numbers, and email addresses of over 80 million consumers.
No definitive answer has emerged yet about who was responsible, or what motivated them to steal so many records. But security experts note that a stolen patient medical record sells for 750 times that of a stolen credit card on the black market. Why? When a credit card number is stolen, the issuing bank usually cancels it — when a date of birth or Social Security number is stolen, those identifiers, which cannot be destroyed, provide the easiest path toward medical fraud.
In good news, the Anthem hack did coincide with a United States government announcement that strengthened data privacy laws were imminent; two weeks later, a Russian cybercriminal was extradited to the U.S. for the 2013 hack of more than 160 million credit card numbers. But the Anthem breach had further negative repercussions; company executives alerted members about phishing email scams that urged people to sign up for illicit credit protection services (or provide personal information).
Even more surprising is the fact that Anthem only encrypted its critical patient data when it was moving out of the company database, NOT while at rest and in storage. There’s a fine line between sufficient security and easy access for employees trying to do their jobs. And a trusted advisor like CMIT Solutions knows how to walk it.
CMIT recently upgraded its encryption solution to better meet the needs of small to medium-sized businesses — particularly those in the financial, health care, or retail industries, which are subject to PCI or HIPAA regulations. But the concern isn’t limited: in a recent survey of more than 53,000 small business owners in the U.S. and Canada, 71% said they were worried about private information being stolen from their computers.
So what can you do to minimize the threat of a data breach?
- Strengthen your passwords. This sounds too easy to be effective, but consider the Anthem breach, which resulted from a stolen employee password. It might seem silly, and it might be inconvenient, but stronger passwords are the first step toward better security.
- Provide employees with adequate training. Whether instructing employees on when to click and when not to click suspect web links, or assessing the security of an email attachment, or distributing a stringent security policy, employee training can be crucial to eliminate the human error that often leads to a breach.
- Institute strong access, identity, and firewall management. If you (or your IT provider) know who has access to internal networks, identifying an external bad actor becomes that much easier. More adept firewalls are also required in this age of increasing mobile and tablet use.
- Employ proactive services to identify and resolve issues before they occur. Static defenses like office firewalls are just one part of the security strategy: strong proactive monitoring and management, backup and disaster recovery, anti-virus, anti-malware, anti-spam, and anti-spyware solutions are also required to protect your data and systems.
Even though it seems like the data breach tide won’t stop advancing, the right policies and procedures can keep your business safe. Contact CMIT Solutions to learn more about our commitment to security.