Yet another high profile breach makes headlines in last week's news. Anthem, the second largest health insurance company in the United States, has about 80 million past and present customers in their database. Little information is known, but the Federal Bureau of Investigation predicts tens of millions in the database were breached including names, addresses and social security numbers. The FBI along with VLCM partner, FireEye, were involved in investigating this "highly sophisticated attack."
"This attack is another reminder of the persistent threats we face, and the need for Congress to take aggressive action to remove legal barriers for sharing cyber threat information," U.S. Rep. Michael McCaul, chairman of the Committee on Homeland Security, said in a statement late Wednesday.
Though it's believed that no financial or medical information was leaked, medical identity theft often goes overlooked. Unlike credit card breaches which tend to be quickly canceled when fraud is detected, medical information breaches can take years to detect, giving criminals plenty of time to take advantage of those credentials. Companies that are still reliant on aging computer systems are especially vulnerable with outdated security features that won't catch hackers early enough.
"Anthem's initial response in promptly notifying the FBI after observing suspicious network activity is a model for other companies and organizations facing similar circumstances. Speed matters when notifying law enforcement of an intrusion, as cyber criminals can quickly destroy critical evidence needed to identify those responsible," FBI spokesperson said.
The Anthem Breach: What We Know
- Anthem has retained Mandiant, owned by FireEye, to assist with the ongoing investigation of this incident.
- This was a very sophisticated attack using advanced malware that Anthem detected on its own and promptly reported to the FBI for a full investigation alongside Mandiant.
- The information accessed includes names, birthdays, social security numbers, street addresses, email addresses and employment information, including income data. Anthem president and CEO, Joseph Swedish, was also breached.
- Anthem is individually notifying current and former members whose information has been accessed and individuals can contact www.anthemfacts.com or 877-263-7995 for more information. Anthem will be providing credit monitoring and identity protection services free of charge so that those who have been affected can have peace of mind.
Breaches of this magnitude typically costs health insurers at least $100 per stolen record. If just 10 million records were stolen, the costs to respond would likely top $1 billion. Security services offer password tips to help protect your individual information.
- Don’t use commons words or phrases. Instead, think of a phrase and use the first letter of each word, throw in some numbers and special characters, and you're good to go.
- Prioritize your accounts. Use your most difficult passwords for your most important accounts like email, financial institutions and accounts with sensitive information.
- Use two-factor authentication. Layer your security with follow-up questions or use services that scramble your password each time you enter.
- Use a password manager. There are many programs available like Lastpass, Dashlane and others.
VLCM is fully equipped to analyze your environment and recommend the security solution that's right for your business. With the growth of cyber attacks, your organization must ask the right questions. What do you have in place to mitigate a breach? Close to 97% of businesses are already breached when security specialists get involved. View other important questions and contact our certified security specialist for advice on protecting your network.