Nearly three months have passed since Anthem Insurance announced a massive security breach that exposed the personal records of over 80 million of its customers. Names, birth dates, social security numbers, and other highly sensitive information was compromised, making it one of the largest hacks on a healthcare organization in history.
Initial reports on the incident revealed that much of the compromised data was unencrypted, leaving it exposed to hackers. While this may seem like a comfort to insurers with robust encryption technology, the sophistication of this attack implies that even if the data had been encrypted, it would have served as little more than a speed bump to the breach.
While data encryption should still be a critical part of your network security protocol, it cannot be your only form of protection. MIT Technology Review is predicting that this will be the year of healthcare security attacks, and if your network is left vulnerable, your organization could become the statistic. Here are three important tips to take away from the Anthem Insurance security breach:
1. Keep your IT team up to speed. This is not to imply that the Anthem IT team should be held accountable for the attack. As hackers (and their tools) become more sophisticated, it grows increasingly difficult to detect and prevent attacks. However, your team should be educated on the latest and most effective detection and prevention protocols. Assess your network security needs regularly and, when necessary, expand your IT team to ensure that your security efforts are operating at full capacity.
2. Know your network architecture. Large organizations like Anthem have myriad access points to their networks, and leaving even one exposed can invite an attack. A well-executed network architecture can help maintain network visibility while silently monitoring traffic flowing in and out of the data center. Deploying in-line taps that are invisible to the network will provide constant, undetectable data capture to network analysis, monitoring, and IDS devices.
3. Test your systems. Like SCADA networks, insurance organizations are responsible for storing enormous amounts of data across numerous servers. The ultimate security test is to try accessing your own systems, searching for weak points and back doors that hackers are likely to target. This also gives your team the chance to practice response protocol in the case of an actual attack. Anthem’s security breach could be traced back as early as December 2014, over a month before the company detected it and alerted its customers. The faster your reaction, the less impact your attackers can have with stolen data.
As large networks continue to attract increasingly sophisticated attacks, it’s critical that your organization’s security and response protocols keep pace. Data encryption is an essential part of those efforts, and when paired with other security measures, can help slow down or prevent future attacks.
At Datacom Systems, we are proud to be one of the remaining independent manufacturers of taps and network packet brokers, enabling us to maintain close relationships with our customers and to develop new products to suit their changing needs.