White House Urges Fast Action on Data Breaches After Anthem Hack

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.bloomberg.com/news/articles/2015-02-05/white-house-urges-fast-action-on-data-breaches-after-anthem-hack

President Barack Obama’s top advisers urged Congress to act quickly to
strengthen consumer data protections after the security breach at Anthem
Inc.

“Hardly a week goes by when the problem is not on the front pages of the
newspapers,” John Podesta, counselor to Obama, said in a conference call
with reporters promoting White House data protection proposals. “With each
breach there is more need” for the legislation, he added.

Anthem, the second biggest U.S. health insurer by market value, disclosed
that hackers obtained names, birth dates, Social Security numbers, street
and e-mail addresses and income data on tens of millions of current and
former customers. The attack underscores the need for “a single national
standard to protect consumers from data breaches,” Podesta said.

Obama last month proposed legislation that would establish a standard for
notifying customers of breaches and another measure that would bar student
data from being used for non-educational purposes.

The administration also plans to push for enactment of its Consumer Privacy
Bill of Rights, which lays out principles for online data collection. The
White House will release draft legislation soon, according to a progress
report issued by the White House.

The bill would require companies to notify victims of data theft within
within 30 days, Podesta said.

“Anthem did do that,” he said.

Best Practices

Anthem is “operating in a realm of best practices,” Podesta said. “They are
in that zone. What we want to see is both a constant application and a high
set of standards.”

Multinational companies including Sony Pictures Entertainment and JPMorgan
Chase & Co. have been among high-profile companies grappling with hackers.

Anthem, formerly known as WellPoint, didn’t provide information on how the
hacking occurred or when it was discovered.

The Anthem attack is the biggest in the health-care industry since Chinese
hackers stole Social Security numbers, names and address from 4.5 million
patients of Community Health Systems Inc., the second-largest for-profit
hospital chain, last year. These events are on a similar scale to hacks of
customer data from Target Corp. and Home Depot Inc. last year in terms of
the number of people affected.

Anthem will notify customers who were affected and provide credit and
identify-theft monitoring services for free, Chief Executive Officer Joseph
Swedish said in a letter to customers.

“As soon as we learned about the attack, we immediately made every effort
to close the security vulnerability, contacted the FBI and began fully
cooperating with their investigation,” Anthem said.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!