In December 2014, Anthem employees noticed suspicious database queries being made. This was not a one-time attack, and incursions continued throughout December, and almost until the end of January 2015. Investigators confirmed unauthorized data queries to the company’s servers on January 29, 2015. In all, close to 80 million Americans have had their personal information exposed to hackers, with quite a bit of sensitive information being stolen. Anthem and the FBI report that it doesn’t seem as though any credit card or other financial information was stolen, but the details of what was stolen are frightening. It should be noted that, while medical IDs and membership information was included in the data stolen, no actual medical records or other medical information was compromised. In fact, the medical information wasn’t even the target – thieves have much more use for birthdates, physical addresses, and employment information than they do for whether someone is having chemo or had an x-ray last year.

The company’s statement began, “On January 29, 2015, Anthem, Inc. (Anthem) discovered that cyber-attackers executed a sophisticated attack to gain unauthorized access to Anthem’s IT system and obtained personal information.” So, what does “sophisticated attack” actually mean? Just how “sophisticated” does an attack need to be in order to compromise the personal information of 80 million Americans? The answer might just surprise you.

The attack wasn’t really all that sophisticated. Anthem simply failed to protect against it. The plain and simple truth about the hack is that Anthem failed to encrypt their files. Because no medical information was compromised, this does not fall under HIPAA/HITECH, although it reflects very poorly on the company, pointing to laxity in their view of security toward personal information. The fact that employee data was among the tens of millions of records stolen is cold comfort to everyday Americans who trusted the insurance giant to safeguard their data.

According to a story written by Michael Hiltzik for the LA Times, “Often it turns out that the breach isn’t so sophisticated, but that hackers exploited known vulnerabilities in the target’s system. The huge healthcare firm didn’t encrypt the huge volume of personal information it held, for example. While there’s a debate over whether encryption would have stopped the breach, some experts say its absence points to a general laxity at Anthem about cyber-security.” It should be noted that Anthem was not legally required to encrypt this data, although the healthcare giant could face lawsuits in civil court over this.

Of course, Anthem hasn’t been particularly transparent about what went on, when or much else about the situation, but some details have filtered out. It seems as though hackers were able to get their mitts on network credentials for multiple individuals within the company who had high-level access to the IT system. The most likely means of doing this is phishing, although it’s true that those credentials could have been exposed in other ways.

Phishing scams, according to the University of Indiana, “are typically fraudulent email messages appearing to come from legitimate enterprises (e.g., your university, your Internet service provider, your bank). These messages usually direct you to a spoofed website or otherwise get you to divulge private information (e.g., passphrase, credit card, or other account updates).”