Hackers Steal Anthem Health Insurance Records Due to Lack of Encryption
When you have a database that has information for over 80 million clients, it gets really hard to keep the data safe at the same time when you also want to make it accessible for those that the data is meant to be for.
Health insurance company Anthem is one such example where the heaps of customer information were not encrypted. This resulted in a cyber attack where information on millions of their customers was stolen by hackers.
According to an inside informer, it was really the matter of making the data useful that the company didn’t scramble the data. In other words, while it would have made it useless for the hackers who stole the data, it would have also made it hard for the employees and government agencies to make good use of it when needed.
While the chief executive officer of Anthem, Joseph Swedish says that he is with the concerned and the frustrated, he didn’t say how much damage has already been done due to the data theft:
We join you in your concern and frustration. I assure you that we are working around the clock to do everything we can to further secure your data.
A spokesperson for Anthem, Kristin Binns explained how the company incorporates encryption in their system – and apparently, that is where the flaw lies in all this.
According to Binns, they are require to “maintain a member’s Social Security number in [their] systems so that their systems can uniquely identify their members.” However, the data that they have stored with them is only encrypted when it is supposed to be moved out of their system.
This means that when the data is residing on their system, it is not encrypted.
We use other measures, including elevated user credentials, to limit access to the data when it is residing in a database.
Not encrypting the data might have been a norm in the industry, according to the company, but there are states in the US where it is enforced by law. For instance, New Jersey where all health insurers are bound by law to encrypt client information.
Good for Anthem that they are not doing business there or they would be facing serious charges.
Some of the investigators are suggesting that the attack might have been led by a group of Chinese hackers although Chinese Foreign Ministry spokesman Hong Lei says the allegations are “groundless.”
Investigators seem to have found tools and malware that Chinese hacker groups use – do you think they might have had something to do with the attack?