Cygilant Blog

Avoiding Fatal Mistakes: How SMEs in Healthcare Can Learn from the Anthem Breach

Posted by Kevin Landt on Jan 27, 2016



The breach of Anthem Insurance is a story that small and medium-sized enterprises in the healthcare industry can learn from so that they avoid facing the same fate as the health insurer. Here’s a look at how the hack happened and how two basic security tools—network security monitoring and encryption—would have protected Anthem.

The Anthem Insurance Hack

On January 29, 2015, Anthem president and CEO Joseph Swedish announced the discovery of "a very sophisticated external cyber attack" on the second-largest U.S. health insurance company. Investigators looking into the attack decided state-sponsored Chinese hackers were possibly the culprits, and that the intruders may have been looking for personal data to construct profiles for espionage purposes.


Whoever the criminals were, they stole Social Security numbers, medical IDs, and other sensitive personal identifying information of about 80 million customers, including Michael Daniel, President Obama's chief adviser on cybersecurity, who announced he would be changing his password in the wake of the hack.

Network Security Monitoring

According to Anthem's May 8, 2015 statement about the hack, the health insurer suspects the digital theft took place over the course of several weeks in December 2014. That means unusual traffic—especially the downloading of massive amounts of sensitive data, but also other anomalous patterns—occurred on company servers for an extended period of time. Had Anthem been on top of its cybersecurity, they would have had network security monitoring in place that would have seen that irregular data flow and alerted IT teams, who could have shut down systems and put a stop to the ongoing compromise.


In fact, network security monitoring could have taken things one step further. If properly implemented, it would have picked up on the early warning signs of hackers searching for a way to break in. What exactly happened in the Anthem case is not clear, but to construct a fictitious scenario, network security monitoring software could have seen an unusually high amount of port scanning coming from parts of the world where Anthem does not even operate. Such a red flag could tip off IT teams to patch all their vulnerabilities before a hack could take place.

Data Encryption

Another mistake Anthem made was to not encrypt customers' personal identifying data. In addition to damaging customers' trust—a serious consideration of its own—Anthem might face financial costs as a result of this poor decision. First, Anthem might be charged fines under the Health Insurance Portability and Accountability Act (HIPAA), the federal law regulating the privacy of medical information. Second, customers might sue the health insurer in civil court.


Previous cases where customers have successfully sued companies for not taking sufficient cybersecurity measures include Stratfor, which was hacked in late 2011. The private intelligence firm had to reach a settlement in a class action lawsuit filed by customers over the company's failure to properly encrypt records.

Strengthen Cybersecurity

Stolen medical records can pose life-threatening hazards to identity theft victims. But what’s most alarming about this data breach is that it can extend to other industries besides the healthcare industry. To protect against hacks like the Anthem breach, small and medium-sized enterprises can turn to EiQ's SOCVue, a managed security service that provides round-the-clock network security monitoring to supplement an organization's in-house cybersecurity team. With additional support, healthcare companies can better protect their systems and prevent the theft of more medical records in the future.


More and more, organizations who were previously understaffed, underbudgeted, and overwhelmed are finding that EiQ’s hybrid SaaS security services that combine the best people, process, and technology are a welcome change from going it alone. EiQ is transforming how mid-market organizations build enterprise-class security programs. Acting as an extension of our customers’ IT teams, EiQ’s SOCVue provides continuous security operations based on best-of-breed technology at a fraction of the cost of alternative solutions. EiQ is a trusted advisor to organizations that need to improve their IT security and compliance posture by protecting their infrastructure against cyber threats and vulnerabilities.


Would you like to learn more about how EiQ can help? Sign up for a SOCVue demo today.


Request Free Demo Now!


Top image credit: rootstock/Shutterstock


Tags: Healthcare, Data Breach, Cybersecurity, HIPAA, Hacking, InfoSec, IT Security, SME

Most Recent Posts

Subscribe to Email Updates