Anthem attack a wake-up call for health care industry, nation


As if patients entering doctor’s offices don’t have enough anguish, uncertainty and pain to worry about already, along comes a new and mammoth set of unsettling woes confronting them direct from the cyber sphere.

Revelations this month that unknown hackers accessed extremely personal information from Anthem Inc. have given 80 million clients of the second largest health insurer in America. — including thousands in the Mahoning Valley — additional headaches and well-founded fears.

The monumental breach serves as both a cause for alarm and a call to action.

It is alarming that the hackers so easily penetrated internal controls of the herculean health insurer to retrieve access to names, addresses, Social Security numbers, birth dates and other key information ripe for exploitation and potential identity theft against so many. That form of larceny ranks as the fastest growing criminal activity with health care data breaches alone striking 10 million people last year, according to the Congressional Research Service.

Unfortunately, the health care industry lags far behind retailers and financial institutions in protection of consumer information, according to Avivah Litan, a cybersecurity analyst at the research firm Gartner. After highly publicized cyber attacks on such American icons as Target, Home Depot and Chase Bank in recent years, sophisticated new security systems were put in place. At Target, for example, it cost $148 million to clean up and repair its database after the 2013 break-in hit 40 million credit and debit card numbers and 70 million sets of personal information. It’s time for health insurers and health care providers to play catch-up.

DANGEROUS LACK OF ENCRYPTION

Anthem, for example, admits its security network failed to have sophisticated encryption protections in place. Encryption uses mathematical formulas to scramble data, converting sensitive details lusted after by intruders into incomprehensible gobbledygook. Anthem and other health-care databases can work toward regaining public trust by acting independently to install encryption and other security safeguards into all of their databases.

But as the government pushes health-care industries toward digitizing its massive piles of records, it should also lend a hand in the protection of that ultrasensitive personal information. To his credit, President Obama, in his 2015 State of the Union address last month, issued an urgent plea to Congress “to pass legislation we need to better meet the evolving threat of cyberattacks, combat identity theft and protect our children’s information.”

His administration quickly followed up on that alert earlier this month by establishing a new Cyber Threat Intelligence Integration Center to coordinate, monitor and offer guidance relating to cyberattacks across government and to work toward developing public policy to lessen the threats.

Toward that end, the U.S. Senate Health, Education, Labor and Pensions committee said it is planning to examine legislation to require encryption and other security enhancements as part of its bipartisan review of health information security. We would hope that its work would receive priority treatment, recognizing that cyber insecurity potentially can adversely affect every single American. We would hope, too, that it could work with privacy advocates, online data experts, government agencies, health care companies and private industry to draft, implement and enforce rigid sets of minimal cyber protections for implementation nationwide.

By using this site, you agree to our privacy policy and terms of use.

» Accept
» Learn More