Healthcare giant Anthem has agreed to pay a $16 million settlement to the United States government following the 2015 data breach that affected almost 80 million customers.
The insurance provider failed to properly secure its infrastructure as mandatory by the Health Insurance Portability and Accountability Act (HIPAA), allowing hackers to infiltrate the organization through spear-phishing emails sent to a subsidiary. Hackers walked away with 79 million Anthem customers’ names, social security numbers, medical identification numbers, billing addresses, dates of birth, email addresses, and employment information.
The organization is said to have failed to have adequately tightened access controls and other appropriate measures for detecting introducers who gain access to systems.
Healthcare entities have long been attractive targets for cyber thieves, which is exactly why these organizations must continuously monitor systems and ensure the basic CIS controls are in place to protect against the most common attack vectors. Anthems 2015 breach is on record as the largest health data breach in U.S. history, which merits the largest HIPAA settlement in history.
As with the majority of compliance standards, Change Tracker Gen7 provides a key solution for a health provider cyber defense strategy, with System Hardened and Vulnerability at its core, but with critical operational processes like Change & Configuration Management comprehensively covered alongside enhanced Host Intrusion Detection capabilities.
HIPAA compliance reports are provided ‘out of the box’ and based on leading recommended Center for Internet Security (CIS) and NIST recommendations. These hardened build standards can be customized to your specific healthcare and ePHI systems to ensure access rights and audit trails are provisioned correctly.
Gen7 then continuously monitors for compliance to ensure that if any change in your security configuration occurs, you can address it immediately before any damage is done.
Read on InfoSecurity Magazine