Earlier this week Excellus
BlueCross BlueShield and another partner company had 10 million health records
exposed. The breach follows Anthems this year in January with 80 million health
records. Other health insurance based companies are being targeted as well. It's become such a large problem that law
enforcement began warning health care industry companies last year that they
may face an increased risk of data breach attacks (Hautala, 2015)
It took Excellus
over a year and a half to find out they had been breached. The companies said
unauthorized computer access was discovered Aug. 5, and further investigation
revealed that the initial attack occurred on Dec. 23, 2013 (Hack of
Health Insurer Excellus May Have Exposed 10M Personal Records.). Excellus is not sure
at this time if any of the information stolen had been sold or used.
My question is if law enforcement warned
them about data breach attacks why didn’t they increase their security? To me
it seems the health insurance companies don’t have proper security measures
setup for protecting their customer’s data. Would you trust these companies
with your personal information? I know I wouldn’t trust them with my personal information
if they have no way of keeping it safe. Excellus is doing the right thing by
providing free credit monitoring for two years.
I wonder
how and when more of these incidents are going to happen? When will companies
learn, the less you spend on security the more it will cost you when there is a
data breach. I heard once from a security conference that if company a spent
that extra 100,000 on security equipment it would have saved them 2.5 million
when they got breached.
References
Hautala, L. (2015, September 10). Data breach exposes 10M
health records from New York insurer - CNET. Retrieved September 12, 2015.
Hack of Health Insurer Excellus May Have Exposed 10M
Personal Records. (2015, September 9). Retrieved September 12, 2015.
No comments:
Post a Comment