US healthcare provider Anthem Inc. has come under fire for failing to protect confidential health data, following the hacking and theft of information from a database with confidential information about 80 million patients.
On Wednesday, the company admitted that hackers had gained access to “personal information relating to consumers and Anthem Blue Cross employees who are currently covered, or who have received coverage in the past.” This included names, dates of birth, social security numbers, member ID numbers, addresses, phone numbers, email addresses and employment information, but not, apparently, medical information or credit card numbers.
“Cyber attackers executed a very sophisticated attack to gain unauthorized access”, the statement read.
The company has been heavily criticised for failing to encrypt patient data – a precaution that may have stifled the hacking operation.
“It is irresponsible for businesses not to encrypt the data,” said Trent Telford, chief executive of Covata, a large data security firm in Virginia. “We have to assume the thieves are either in the house or are going to break in. They will always build a taller ladder to climb over your perimeter security.”
Kevin Epstein, vice president of advanced security and governance at email security vendor Proofpoint, believes that, in the main, healthcare companies do not have the same concern for the security of data as retailers or financial services companies. Breaches like the one at Anthem are, he said, “a scathing indictment of how at a board level, security has not been a crucial issue to date.”
This article is published by and BioEdge under a Creative Commons licence.