Anthem and Premera Healthcare Breaches Were Preventable
Posted April 16, 2015
Protection Beyond Encryption: ThreatMetrix Strategies for Preventing Cybercrime in Healthcare and Other Industries
ThreatMetrix observes that the Anthem and Premera data breaches that exposed tens of millions to fraud, ID theft and other crimes could have been prevented through the use of real-time digital identity intelligence.
Hacking healthcare is relatively easy and highly profitable
Stolen health credentials can sell for $10 apiece on the black market or around 10 to 20 times what a U.S. credit card number goes for.
Between them, in just the first few months of 2015, the Anthem and Premera hacks exposed the health records of more than 90 million individuals. It’s a clear sign the healthcare industry has become a leading target for cybercriminals. One good reason is healthcare providers are still using antiquated authentication and fraud prevention solutions.
Reed Taussig, ThreatMetrix president and CEO, on anonymized global intelligence sharing
“The most valuable data stores for fraudsters are stolen patient records that are associated with a valid health insurance policy. While most enterprises continue to focus on securing their internal networks, what is really required is broad adoption and use of secure, anonymized global shared intelligence that will identify what for and where those 90 million stolen identities are being used.”
ThreatMetrix strategies to help prevent healthcare breaches:
- Implement unified fraud prevention that leverages a digital identity network to detect and prevent mobile and online fraud while, at the same time, remaining agile and responsive to the needs of customers, agents, brokers and others.
- Implement advanced device and malware detection capabilities to ensure insurance providers’ systems are not breached as a result of stolen or third-party credentials.
- Leverage anonymized shared intelligence on personas (digital identities) to connect users with their online activities and device-related behavior patterns outside the company’s network.
Alisdair Faulkner, ThreatMetrix chief products officer, on improving risk intelligence
“When Anthem and Premera sneezed, the cybersecurity industry caught a cold. Most organizations are focusing purely within their own networks, but the board room needs to be aware that these massive data breaches are just a precursor to the main event – a systemic and continuous attack on their customer and employee authentication, fraud and identity systems. To do a credible job defending against stolen identities, organizations need better risk intelligence based on anonymized shared intelligence to differentiate between trusted users and cyber threats.”
More than encryption, hackers have to be stopped before they get started
The data stolen in the Anthem breach was encrypted, but encryption alone wasn’t enough to protect employees’ and customers’ personal information. Hackers began infiltrating Anthem’s systems 10 months prior to the announcement of the attack. What Anthem needed was real-time intelligence to stop these hackers in their tracks.