Although the hacking and data breach at Anthem, the country’s second largest health insurance company, was disclosed only eight days ago, the first lawsuits alleging negligence on the part of Anthem in failing to take proper steps to protect the personal data of as many as 80 million Anthem customers have been filed in Indiana, California, Alabama and Georgia. It now appears that the hacking was first detected by Anthem on January 27th, but started as early as December 10th. Once again, as is the pattern with so many major data breaches, it appears that the hackers gained access to Anthem’s reportedly unencrypted databases through phishing emails that tricked five Anthem employees into either providing their passwords or clicking on malware-loaded links that stole the passwords from the Anthem employees’ computers.
Many companies are just not doing enough to protect their sensitive data, including the personal information of their customers. There are many steps that companies can and should be taking, including greater encryption of data, employee education about phishing and limiting access to information from off-site computers. Whether companies need to be prompted by lawsuits or legislation, the problem is so significant that companies must take action now to better protect themselves from hacking.
As for us, the customers, all we can do is try to limit as best we can the personal information provided to the companies with which we do business (your doctor does not need your Social Security number) and monitor our financial and medical dealings for signs of identity theft. Putting a credit freeze on your credit reports at each of the three major credit reporting agencies is another good step to take in order to reduce your risk of identity theft. You can find information about how to put a credit freeze on your credit reports here on Scamicide in the archives.