• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

My TechDecisions

  • COVID-19 Update
  • Best of Tech Decisions
  • Topics
    • Video
    • Audio
    • Mobility
    • Unified Communications
    • IT Infrastructure
    • Network Security
    • Physical Security
    • Facility
    • Compliance
  • RFP Resources
  • Resources
  • Podcasts
  • Subscribe
  • Project of the Week
  • Latest News
  • About Us
    SEARCH
Network Security

Security Lessons from the Anthem Data Breach

An Anthem data breach exposed an estimated 80 million medical records. We need to learn from their loss.

April 29, 2015 Jonathan Blackwood Leave a Comment

Health insurance provider Anthem was recently the victim of a data breach that saw the loss of medical information for up to 80 million Americans. From what has been gathered, an IT administrator at Anthem became aware of a database query with his credentials attached. Further investigation by Anthem IT led to the discovery that client protected health information (PHI) was being held in an offside public cloud storage service. That’s when the FBI was called in to help investigate what turned out to be the largest data breach to a healthcare company.

While no credit card information nor personal health records were exposed, thieves came away with names, social security, numbers, addresses, and health coverage ID numbers, which is potentially more damaging. The use of healthcare IDs fraudulently are harder to prove, and even so, when another person uses your medical information, your medical records are changed, causing potentially life-threatening issues. Not to mention, according to Ponemon Research, PHI information can fetch as much as 10-50 dollars per record, as opposed to 1-5 dollars for credit card info.

Throwing more money at this problem isn’t necessarily the solution. Focus in recent years has been on strengthening preventive defenses against APTs and elusive malware, resulting in technologies such as sandboxing, which increases signatureless threat protection. What has been missing is an emphasis on post-infection strategies like containment. Organizations need to deploy the best preventative security possible, but as important is the need for the same level of commitment to post-infection security. Techniques like leveraging evasive ports and protocols, riding on hidden data channels, or the use of polymorphic malware that fools sandboxes, are getting past even the best security. As much as security providers believe their preventative products won’t be breached, it happens, and you need to be prepared in case it does.

Data isn’t lost until it leaves the network. That’s the mission of the malware, and it is not complete until the data is stolen. The gap between malware infection and detection and where data exfiltration occurs, is not being covered. Even if detection security, without the means to automatically stop malware data will continue to leave the network even as you work on solving the problem.

In order to close this gap, technology must detect and contain malicious data transfers:

  • Network Anomaly Detection will be critical factor to post-infection security.
  • Automatic containment is the key to reducing data exfiltration.
  • Actionable intelligence delivered in real-time speeds remediation.

With recent breaches fresh in mind, companies will want to increase network and data security efforts. Just be sure that you are closing the gaps, covering the bases, and securing all aspects of prevention, detection, and containment. Learn from the mistakes of the past and don’t get burnt in the future.

Read the full white paper at iboss Cybersecurity

Jonathan Blackwood
Jonathan Blackwood

Jonathan Blackwood is the Editor-in-Chief of TechDecisions. Jonathan joined TechDecisions in 2014 and writes about technologies that help to innovate and improve practices for companies of all sizes, K-12 and higher education, government, healthcare, hospitality, retail and large venue spaces. He is especially interested in the future of work and education and the Internet of Things. Follow him @BlackwoodTweets.

Tagged With: Corporate, Data Backup & Recovery, Data Security, Disaster Recovery, Privacy

Related Content:

  • Microsoft Basic Auth Prepare: Microsoft Begins Disabling Basic Auth in Exchange…
  • Microsoft 365 Idle Session Timeout Microsoft Rolling Out Idle Session Timeout for Microsoft…
  • Cyber technology security lock on screen, network protection Why Security Technology Convergence is Crucial to Future-Proofing…
  • WatchGuard Ransomware WatchGuard: Ransomware on Pace for Record Year

Free downloadable guide you may like:

  • These 10 IT Certifications Are Critical To An IT Pro’s Success in 2022

    Here are 10 cloud, data and security certifications that we identify as critical to an IT professional’s resume in 2022 and beyond, according to a variety of sources, including Indeed, Robert Half, CompTIA and others.

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Get the FREE Tech Decisions eNewsletter

Sign up Today!

Latest Downloads

Uber Advanced Technologies Group Drives its Business Forward

The guiding principle for the new Uber meeting room redesign was “invisible comfort” to ensure that everyone could maximize productivity.

Windows 11
Blueprint Series: Upgrading to Windows 11

Upgrading end users to Windows 11 could be one of the most challenging tasks IT has to face in the coming years. Although the new version is touted...

The State of the IT Department in 2022

The role of the IT professional has shifted from one that supports the business to one that is deserving of a seat at the table when it comes to ma...

View All Downloads

Would you like your latest project featured on TechDecisions as Project of the Week?

Apply Today!
Sharp Microsoft Collaboration HQ Logo

Learn More About the
Windows Collaboration Display

More from Our Sister Publications

Get the latest news about AV integrators and Security installers from our sister publications:

Commercial IntegratorSecurity Sales

AV-iQ

Footer

TechDecisions

  • Home
  • Welcome to TechDecisions
  • Subscribe to the Newsletter
  • Contact Us
  • Media Solutions & Advertising
  • Comment Guidelines
  • RSS Feeds
  • Twitter
  • Facebook
  • Linkedin

Free Technology Guides

FREE Downloadable resources from TechDecisions provide timely insight into the issues that IT, A/V, and Security end-users, managers, and decision makers are facing in commercial, corporate, education, institutional, and other vertical markets

View all Guides
TD Project of the Week

Get your latest project featured on TechDecisions Project of the Week. Submit your work once and it will be eligible for all upcoming weeks.

Enter Today!
Emerald Logo
ABOUTCAREERSAUTHORIZED SERVICE PROVIDERSTERMS OF USEPRIVACY POLICY

© 2022 Emerald X, LLC. All rights reserved.