Healthcare’s Worst Nightmare: Anthem Breach

According to Anthem’s website, one in nine Americans receives coverage for medical care through Anthem’s affiliated plans. Despite being a data storage powerhouse, Anthem failed to encrypt consumer data, which, surprisingly, is not against the law.

Anthem, the country’s second largest health insurer, was hacked recently, compromising names, birthdays, medical IDs, Social Security numbers, etc. of almost 80 million individuals. The datasets that Anthem says were stolen include name, address, Social Security number, email and income. These are called “fullz” in the cyber world because of their ability to replicate an individual’s identity.

While attacks against the health care industry are not uncommon, it is surprising to hear that healthcare breaches topped the 2014 breach list compiled by the Identity Theft Resource Center. Health care companies suffered 42.5% of all data breaches in 2014, continuing a three-year trend. Yet here we are, in the aftermath of a particularly devastating attack. As hackers become more daring with their approach, targeting bigger companies, the law is struggling to keep up. This has created an unfortunate situation where individuals are left to fend for themselves.

Recently, New Jersey Gov. Chris Christie signed a law requiring health insurers operating in the state to encrypt client information, including Social Security numbers, driver’s license numbers and identifiable health information. The law was partly in response to the breach of Horizon Blue Cross Blue Shield of New Jersey in 2013. But the question arises: is this enough? What else can we do to protect our own identity? The Identity Theft Resource Center gives a few tips:

a. Credit freeze: An individual can pay as little as $10 to freeze their credit, which limits any inquiry into a person’s credit report. This prevents an individual from opening new credit lines unless the credit freeze is lifted.

b. Credit alerts: Individuals can sign up for credit alerts, which can inform them of inquiries made on their credit.

c. Monitor! Monitor! Monitor!: Individuals should be especially vigilant about sharing their credit card information online and regularly monitor their credit report to spot suspicious activities early on.

In light of the current situation, MTBC wants to remind its users that it is working hard to ensure compliance with HIPAA and HITECH requirements and is constantly looking for ways to evolve its security policy to safeguard all user information. A comprehensive look at MTBC’s HIPAA compliance policy can be found at http://mtbc.com/resources/HealthcareRegulations.aspx.