Top 6 Things LA Distributors Can Learn from Anthem's Security Breach

Craig Pollack | Mar 19, 2015

How would your company handle a bill for over $100 million following a security breach? That was the likely impact of the theft of data early in 2015 from Anthem, the second-biggest US health insurance provider.

Anthem confirmed that as many as 80 million records had been stolen from a database with past and present customer and employee details. The data lifted included names, dates of birth, addresses, medical IDs and Social Security numbers, but apparently no financial or medical details.

Unfortunately, that did not mean that the hackers went away empty-handed. Moreover, the moral of this story applies as much to a distributor in LA as to a health care insurance provider in Indianapolis.

1. A Security Breach Can Be Surprisingly Expensive

Even if Anthem itself was not directly harmed by the theft of the data, it still needed to inform the people concerned and repair the damage to its reputation as best it could. The company was insured against cyber-incidents for up to $100 million.

Costs, however, were expected to exceed that already imposing figure. Similarly, if a distributor lost reseller payment details to hackers, the real impact could be devastating even if the details of the distributor’s own bank account were not compromised.

2. Data Encryption? Just Do It

As an extra egg-on-face factor, no encryption had been applied to the Anthem data before the theft. Although there is a strong industry-specific (HIPAA) recommendation that healthcare providers encrypt their data, there is no regulatory obligation.

But it made Anthem’s security look all the weaker, and it also meant the hackers could immediately exploit their digital booty. Yet systematic data encryption is neither expensive nor onerous, but simply effective.

3. Tax Refund Hoaxes and Other Creative Uses of Stolen Data

On the face of it, health care has little to do with tax refunds. However, similar end-user data applies in both cases. Thus hackers could use the data from Anthem, for instance, to file false tax refund claims and divert the payments to their own accounts. Likewise, the wholesaling information that you hold could be highly attractive to cybercriminals for other reasons.

4. It All Started a Long Time Ago…

…in Internet terms, at least. There are indications that the attack on Anthem’s database started weeks, if not months, before the information theft was discovered. After the event, Anthem shared ‘indicator of compromise’ information, such as suspicious Internet addresses and malware signatures revealed by its system records. The idea was to help other organizations identify illicit activity earlier and prevent a possible security breach of their own.

5. Bite the Bullet and Own Up

Anthem published content on the web about what happened, with its apologies. Crisis management and communication are critical in this kind of situation. But more than this, appropriate disclosure of security breaches is also mandatory in certain industries. In these cases, not only do you have the personal embarrassment, but you have to go public with it too.

6. Lock Down that Perimeter

For Anthem, the attack has already happened. But for all other enterprises, prevention is better than cure. Information security must be properly planned and implemented. That includes technological protection, as well as sufficient employee awareness of the need to keep data confidential and of how to do so.

Basic precautions can be taken by the enterprise itself. Others such as security audits, advanced firewall policies, and penetration testing may be best performed by competent third-party professionals.

 

Can good IT security also become a competitive differentiator? Tell us how your resellers and business partners perceive your initiatives to protect your distribution company in the Comments box below.

 


Author

Craig Pollack


Craig is the Founder & CEO of FPA Technology Services, Inc. Craig provides the strategy and direction for FPA, ensuring its clients, business owners, and key decision makers leverage technology as efficiently and effectively as possible. With over 25 years of experience building the preeminent IT Service Provider in the Southern California area, Craig is one of the area’s leading authorities on how small to mid-sized businesses can best secure and leverage their technology to achieve their business objectives.
