Skip to main content
Sister Publication Links
  • ESG: THE IMPLEMENTATION IMPERATIVE
Subscribe
  • Sign Up Free
  • Login
  • Subscribe
  • News
    • Current News
    • Providers
    • Insurance
    • Digital Health
    • Government
    • Finance
    • Technology
    • Safety & Quality
    • Transformation
    • People
    • Regional News
    • Digital Edition (Web Version)
    • Patients
    • Operations
    • Care Delivery
    • Payment
    • Midwest
    • Northeast
    • South
    • West
  • Unwell in America
  • Opinion
    • Bold Moves
    • Breaking Bias
    • Commentaries
    • Letters
    • Vital Signs Blog
    • From the Editor
  • Events & Awards
    • Awards
    • Conferences
    • Galas
    • Virtual Briefings
    • Webinars
    • Nominate/Eligibility
    • 100 Most Influential People
    • 50 Most Influential Clinical Executives
    • Best Places to Work in Healthcare
    • Excellence in Governance
    • Health Care Hall of Fame
    • Healthcare Marketing Impact Awards
    • Top 25 Emerging Leaders
    • Top 25 Innovators
    • Diversity in Healthcare
      • - Luminaries
      • - Top 25 Diversity Leaders
      • - Leaders to Watch
    • Women in Healthcare
      • - Luminaries
      • - Top 25 Women Leaders
      • - Women to Watch
    • Digital Health Transformation Summit
    • ESG: The Implementation Imperative Summit
    • Leadership Symposium
    • Social Determinants of Health Symposium
    • Women Leaders in Healthcare Conference
    • Best Places to Work Awards Gala
    • Health Care Hall of Fame Gala
    • Top 25 Diversity Leaders Gala
    • Top 25 Women Leaders Gala
    • - Hospital of the Future
    • - Value Based Care
    • - Supply Chain
    • - Hospital at Home
    • - Workplace of the Future
    • - Digital Health
    • - Future of Staffing
    • - Hospital of the Future (Fall)
  • Multimedia
    • Podcast - Beyond the Byline
    • Sponsored Podcast - Healthcare Insider
    • Video Series - The Check Up
    • Sponsored Video Series - One on One
  • Data Center
    • Data Center Home
    • Hospital Financials
    • Staffing & Compensation
    • Quality & Safety
    • Mergers & Acquisitions
    • Data Archive
    • Resource Guide: By the Numbers
    • Surveys
    • Data Points
  • MORE+
    • Contact Us
    • Advertise
    • Media Kit
    • Newsletters
    • Jobs
    • People on the Move
    • Reprints & Licensing
MENU
Breadcrumb
  1. Home
  2. Insurance
February 05, 2015 12:00 AM

Anthem attack a wake-up call to step up cybersecurity

Adam Rubenfire
Joseph Conn
  • Tweet
  • Share
  • Share
  • Email
  • More
    Reprints Print
    AP

    Anthem's Indianapolis headquarters

    The historic cyberattack against Anthem is a reminder that even the largest healthcare organizations are not immune from hacking, cybersecurity experts agree.

    The attack is a stark reminder to have strong cybersecurity measures and a skilled information technology staff in place to protect customer data. Such efforts are just part of a multifaceted strategy needed to protect against such hacks, experts agree.

    “I have no doubt that Anthem has a fairly sophisticated security organization,” said Mac McMillan, a healthcare security expert and founder of CynergisTek, an Austin, Texas-based security consultancy. “This basically proves that it doesn't matter how big you are or how much money you spend, and how diligent you are at protecting your data, you can still have an incident. Everybody could have a breach.”

    The Anthem hack may cause providers, payers and others in healthcare to reevaluate what they have been spending on IT security. Recent reports from the Healthcare Information and Management Systems Society and the Ponemon Institute peg average spending by provider organizations on security at about 3% of organizations' IT budgets. That's low, compared with other regulated industries such as banking and insurance, which spend twice that amount, McMillan said.

    “And, given the number of incidents of hacking and breaching in the financial services sector (e.g., a reported 76 million at J.P. Morgan Chase), 6% may not be enough any more. What does that say for (healthcare's) 3%?” he said.

    Spending on security has inched upward in healthcare in recent years, McMillan added. “So, maybe this (Anthem breach) will be the thing that makes people say we have to do something about this, but I haven't seen that realization.”

    Strong internal and external firewalls, access control measures, antivirus solutions and phishing filters are important IT measures to prevent attacks, but policies, procedures and employee education are just as important and often cheaper, experts say. And, at the end of the day, an attack is almost inevitable, so cybersecurity insurance also should be part of any provider or payer defense against hacking.

    In the face of an inevitable attack, identification and response is equally if not more important, experts say. Big or small, companies need employees that can recognize when hackers have breached their network, or are casing it to find a way in.

    “You can buy a million-dollar firewall, but you need someone to make it effective,” said Chris Pogue, senior vice president of cyber threat analysis for Nuix, a software firm. “It's marriage of skill and resources.”

    Once an organization conducts mock-attack scenarios, it will have a clear roadmap for where it should divert resources to eliminate tech vulnerabilities. But it's not just about technology—employees can present the biggest vulnerability, said Armond Caglar, senior threat specialist at TSC Advantage, an enterprise risk consultancy that specializes in human behavior. Cagler stresses to his clients that security involves human behavior too.

    Companies have to train employees on how to recognize phishing attacks—in which hackers try to dupe employees into giving them access to corporate networks—as well as educate them on precautions that should be taken when traveling with a work computer that has sensitive data.

    “If people want what you have, they're going to try to get it, but you've got to make their job very, very difficult,” Caglar said. “Folks can't invest in these IT-centric solutions when they're leaving other vectors undefended.”

    If an employee is terminated, human resources staff should follow up with IT staff to make sure that the individual’s network access is fully terminated. Also, contracts with companies that have access to patient data should spell out how the contractor will protect the information and respond in the event of an attack.

    Anthem has yet to say publicly what the attack may have cost the company, but the overall cost could be in the hundreds of millions of dollars based on past attack costs.

    McMillan, at CynergisTek, said he'd heard a steep estimate on a major Community Health Services hacking incident in which 4.5 million records were compromised.

    “I heard an estimate on CHS of $100 million, so if 4.5 million records are going to cost you $100 million, how much is 80 million going to cost?” he said. “If they decide to provide any credit monitoring for any of the victims, even if it was $10 a person, you do the math.”

    Follow Adam Rubenfire on Twitter: @arubenfire

    Follow Joseph Conn on Twitter: @MHJConn

    Letter
    to the
    Editor

    Send us a letter

    Have an opinion about this story? Click here to submit a Letter to the Editor, and we may publish it in print.

    Recommended for You
    Clawbacks
    Insurance companies ramp up efforts to claw back money from providers
    Feds take aim at prior authorization
    Feds take aim at prior authorization
    Most Popular
    1
    More healthcare organizations at risk of credit default, Moody's says
    2
    Centene fills out senior executive team with new president, COO
    3
    SCAN, CareOregon plan to merge into the HealthRight Group
    4
    Blue Cross Blue Shield of Michigan unveils big push that lets physicians take on risk, reap rewards
    5
    Bright Health weighs reverse stock split as delisting looms
    Sponsored Content
    Daily Finance Newsletter: Sign up to receive daily news and data that has a direct impact on the business and financing of healthcare.
    Get Newsletters

    Sign up for enewsletters and alerts to receive breaking news and in-depth coverage of healthcare events and trends, as they happen, right to your inbox.

    Subscribe Today
    MH Magazine Cover

    MH magazine offers content that sheds light on healthcare leaders’ complex choices and touch points—from strategy, governance, leadership development and finance to operations, clinical care, and marketing.

    Subscribe
    Connect with Us
    • LinkedIn
    • Twitter
    • Facebook
    • RSS

    Our Mission

    Modern Healthcare empowers industry leaders to succeed by providing unbiased reporting of the news, insights, analysis and data.

    Contact Us

    (877) 812-1581

    Email us

     

    Resources
    • Contact Us
    • Advertise with Us
    • Ad Choices Ad Choices
    • Sitemap
    Editorial Dept
    • Submission Guidelines
    • Code of Ethics
    • Awards
    • About Us
    Legal
    • Terms and Conditions
    • Privacy Policy
    • Privacy Request
    Modern Healthcare
    Copyright © 1996-2023. Crain Communications, Inc. All Rights Reserved.
    • News
      • Current News
      • Providers
      • Insurance
      • Digital Health
      • Government
      • Finance
      • Technology
      • Safety & Quality
      • Transformation
        • Patients
        • Operations
        • Care Delivery
        • Payment
      • People
      • Regional News
        • Midwest
        • Northeast
        • South
        • West
      • Digital Edition (Web Version)
    • Unwell in America
    • Opinion
      • Bold Moves
      • Breaking Bias
      • Commentaries
      • Letters
      • Vital Signs Blog
      • From the Editor
    • Events & Awards
      • Awards
        • Nominate/Eligibility
        • 100 Most Influential People
        • 50 Most Influential Clinical Executives
        • Best Places to Work in Healthcare
        • Excellence in Governance
        • Health Care Hall of Fame
        • Healthcare Marketing Impact Awards
        • Top 25 Emerging Leaders
        • Top 25 Innovators
        • Diversity in Healthcare
          • - Luminaries
          • - Top 25 Diversity Leaders
          • - Leaders to Watch
        • Women in Healthcare
          • - Luminaries
          • - Top 25 Women Leaders
          • - Women to Watch
      • Conferences
        • Digital Health Transformation Summit
        • ESG: The Implementation Imperative Summit
        • Leadership Symposium
        • Social Determinants of Health Symposium
        • Women Leaders in Healthcare Conference
      • Galas
        • Best Places to Work Awards Gala
        • Health Care Hall of Fame Gala
        • Top 25 Diversity Leaders Gala
        • Top 25 Women Leaders Gala
      • Virtual Briefings
        • - Hospital of the Future
        • - Value Based Care
        • - Supply Chain
        • - Hospital at Home
        • - Workplace of the Future
        • - Digital Health
        • - Future of Staffing
        • - Hospital of the Future (Fall)
      • Webinars
    • Multimedia
      • Podcast - Beyond the Byline
      • Sponsored Podcast - Healthcare Insider
      • Video Series - The Check Up
      • Sponsored Video Series - One on One
    • Data Center
      • Data Center Home
      • Hospital Financials
      • Staffing & Compensation
      • Quality & Safety
      • Mergers & Acquisitions
      • Data Archive
      • Resource Guide: By the Numbers
      • Surveys
      • Data Points
    • MORE+
      • Contact Us
      • Advertise
      • Media Kit
      • Newsletters
      • Jobs
      • People on the Move
      • Reprints & Licensing