It is hoped that the breach of 80 million of Anthem’s customers will be the kind of wake-up call for the health care industry, on the need to take comprehensive data security measures, that the retail industry experienced with Target and Home Depot. The fact is that information from health care files is even more valuable to hackers than credit card information, as Medicare and health insurance information sells for a premium on websites that sell data on the black market. Anthem’s records include names, addresses and Social Security numbers, which can be used to open new accounts without the individual suspecting anything until the damage has been done. With pilfered Social Security numbers, ID thieves can seek benefits from victims and even apply for employment.
The health care industry and hospitals have experienced something of a fatigue when it comes to patient security and privacy, having undergone in recent years the extensive and expensive requirements imposed by HIPAA. Having implemented HIPAA’s stringent security requirements, many in the health care industry have been either complacent or under the false impression that they do not need to comply with PCI DSS requirements as well. There has also been a false impression that hackers will be content to continue to focus on the retail, restaurant and hospitality industries, which had been low-hanging fruit for hackers over the last few years. However, there is no substitute for the type of layered data security measures encompassed by implementing encryption, tokenization and the type of employee training that are required under PCI DSS. Hopefully, the health care industry will take heed of the painful lesson experienced by Anthem’s massive and costly breach.