Key Takeaways From the Premera Data Breach

[InfoSec News <alerts () infosecnews org>]

http://healthitsecurity.com/2015/03/23/key-takeaways-from-the-premera-data-breach/

By Elizabeth Snell
Health IT Security
March 23, 2015

Last week, the Premera data breach announcement further pushed the data 
security of healthcare organizations into the limelight. The health 
insurer stated that approximately 11 million members’ sensitive 
information, including PHI, was potentially exposed after a “sophisticated 
cyber attack” infiltrated its system.

Premera Blue Cross, Premera Blue Cross Blue Shield of Alaska, and the 
health insurer’s affiliate brands Vivacity and Connexion Insurance 
Solutions, Inc. are all potentially affected, with applicants’ and 
members’ names, dates of birth, email addresses, addresses, telephone 
numbers, Social Security numbers put at risk. Moreover, member 
identification numbers, bank account information, and claims information, 
including clinical information, were all potentially exposed.

ncidents like this are likely to cause healthcare leaders to review their 
incident response procedures, according to Dan Bowden, Chief Information 
Security Officer for the University of Utah, University of Utah Health 
System. Many organizations are already working on their malware defense 
capabilities, Bowden said, but the two large scale breaches over the last 
couple of months further underline the importance of incident response.

“There is no absolute to tell your consumers that there is no possible way 
their data will not get breached,” Bowden said. “We have people come to 
work every day trying to do the right thing and people make mistakes.”

For example, an employee could open an email that lets malware into the 
healthcare’s system.

[...]

--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/