Anthem Inc., the second largest health insurer in the US, has suffered a security breach to its databases. According to media reports, the breached database contains information from approximately 80 million individuals. Although medical records appear not to be in danger, names, birthdays, social security numbers, email addresses, employment information and more have been compromised.
Anthem described the hacking as a “very sophisticated attack,” and the company reported it to the FBI and even hired a cyber security firm to help with the investigations. However, the extent of the stolen data is still being determined. In addition, there is no concrete information regarding the perpetrators and the modus operandi (MO) of this cyber-attack.
In February 2014 we wrote that cyber criminals are shifting their focus from the financial industry to the healthcare industry, which has become an easier target. Healthcare records contain a wealth of valuable information for criminals, such as social security numbers and personal information. This information can sometimes prove more valuable than credit card numbers, which the financial industry is working hard to protect.
In 2013, at least twice as many individuals were affected by healthcare data breaches than in the previous year, owing to a handful of mega-breaches in the industry. According to a cyber security forecast, published at the end of 2013, the healthcare industry was likely to make the most breach headlines in 2014. However, it appears that 2014 was the year in which American retailers suffered massive data breaches (Home Deopt, Staples, Kmart, and of course Target at the end of 2013).
We should consider the Anthem hack as a warning sign for all of us – the healthcare industry might be the prime target for cyber criminals in 2015. We already know that PPI (Personally Identifiable Information) and PHI (Protected Health Information) sales on black markets continue to rise. Such underground marketplaces are being used as a one-stop shop for identity theft and fraud. Such breaches can cost their victims dearly – putting their health coverage at risk, causing legal problems or leading to inaccurate medical records. Here at SenseCy, we monitor on a daily basis the usage of breached medical information on Underground forums and the Darknet platforms.
We believe that this industry is facing major threats from cyberspace. These threats encompass large areas of the industry and may become a greater burden for it, compromising patient safety, and causing financial and commercial damage to the associated bodies.