Tag Archive for Blue Cross and Blue Shield

Anthem Data Breach Hits BCBSM Users

The recent cyber-attack on the second-largest health insurance company in the U.S., Anthem Insurance, was allegedly pulled off by Chinese hackers. Now the attack, which I covered here, has spread to Michigan. Emily Lawler at MLive is reporting that Michigan residents are caught up in the national healthcare insurance data breach.

The data compromised at the Anthem health insurance company covers an estimated 80 million people, of which 636,075 are Blue Cross Blue Shield of Michigan users. According to the article, some of the compromised information could have come from BCBSM customers. A BCBSM spokesperson told MLive there was a “strong possibility” some BCBSM customer data had been caught up in the data breach.

BCBSM is an affiliate of the compromised company, so the Michigan firm shared critical customer information with Anthem. The affiliation allowed the attackers to gain access to Michigan BCBSM users. Ms. Lawler cites information from Anthem’s initial investigation, which found that the Michigan personally identifiable information (PII) that could have been compromised includes names, dates of birth, social security numbers, addresses, phone numbers, email addresses and employment information.

Reassuringly (snark), BCBSM and Michigan’s Department of Insurance and Financial Services have been monitoring the data breach and its potential effect on Michiganders. BCBSM External Affairs Manager Stephanie Beres told MLive that numbers from Anthem say 636,075 Michigan residents are impacted. That includes 410,990 Anthem members and 225,745 customers of Blue Cross Blue Shield, Ms. Beres said.

rb-

Anthem is sending letters to those impacted by their oopsie, offering two years of free credit monitoring and identity theft repair. According to Anthem’s website, AllClear ID will provide the credit monitoring services. Those who think they may be affected are encouraged to visit a website Anthem has set up to distribute information about the hack, www.anthemfacts.com.

Related articles
  • Connecticut bill requires insurers to encrypt personal data (newsday.com)


Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Anthem Data Breach Allows Phish of US Cyber Forces

Updated 10/25/2018 – Anthem, Inc. has agreed to pay a $16 million HIPAA fine to the U.S. Department of Health and Human Services, Office for Civil Rights. The OCR found that between December 2, 2014 and January 27, 2015, cyber-attackers stole the electronic protected health information of almost 79 million people. The stolen information in the data breach included names, social security numbers, medical identification numbers, addresses, dates of birth, email addresses, and employment information.

The $16 million settlement is the largest HIPAA settlement.

Many online believe that the Anthem (ANTM) hack was a strategic cyber-war strike by China. Stu Sjouwerman at CyberheistNews writes that PII thefts would normally be a Russian operation. However, the Anthem data breach appears to be a Chinese attack. CNN reports that Chinese hackers tend to target trade, economic, and national security secrets that could help the Chinese economy. Mr. Sjouwerman says he received an insider tip that most of the three-letter U.S. Government agencies have their employees insured through Anthem’s Blue Cross Blue Shield. Anthem also provided health insurance to defense contractors Northrop Grumman and Boeing.

KnowBe4’s Sjouwerman speculates that the Chinese now own the identities of all the people fighting them. The stolen data can now be used in a multitude of social engineering scenarios. Dmitri Alperovitch, co-founder of security firm CrowdStrike, told CNN that the attack fit the profile of a hacking group believed to be Chinese government spies called “Deep Panda.”

The objective of the “Deep Panda” data breach, according to the CrowdStrike CTO, is to amass a large collection of Americans’ personal information to find citizens willing to spy for the Chinese and to find potential U.S. spies operating in China. Mr. Alperovitch told CNN that is why Chinese hackers broke into a U.S. federal employee network last year. They also broke into at least three hospital chains and two insurance providers the public hasn’t yet heard about.

KnowBe4 speculates that many people in the Government have steam coming out of their ears about the Anthem hack. Cyberwar has suddenly become very personal to them. This may be why President Obama recently signed an executive order that will nudge private companies to share data about cybersecurity threats with each other and with the federal government.

Apart from the cost of the Anthem data breach, which is likely to smash the $100 million barrier, it’s surprising that Anthem did not encrypt SSNs, which allowed wholesale identity theft of thousands of American cyber-warriors.

CEO Sjouwerman explains that hackers are going after healthcare records because they are much more valuable. He points out that healthcare records stay active for several months after a hack, as opposed to credit card numbers, which quickly get nixed after a few days. Since Anthem is a healthcare company, you would expect them to take HIPAA compliance to the max and even top the required controls with higher standards. As we all know, compliance does not equal security, but it establishes a baseline at the very least.

rb-

There is enough blame to go around.

Time to go back to a cash society and barter.

Say, Doc Johnson, I’ll trade you two chickens for measles vaccination.


Spies Say Encryption Best to Protect Data

Updated August 01, 2019 – Trump’s top cop, U.S. Attorney General William Barr, rehashed the time-worn government demands for private firms to break encryption. AG Barr closed his July 23, 2019 speech at the International Conference on Cyber Security by saying that U.S. citizens should accept encryption backdoors because backdoors are essential to our security.

Despite what current US policy appears to be, a newly leaked document courtesy of Edward Snowden revealed that some U.S. officials are encouraging the use of encryption to protect data. GigaOm points to a 2009 document penned by the U.S. National Intelligence Council, which explained that companies and the government are prone to attacks by nation-states and criminal syndicates “due to the slower than expected adoption…of encryption and other technologies.” The report detailed a five-year prognosis on the “global cyber threat to the US information infrastructure” and stated that encryption technology is the “[b]est defense to protect data.”

Seems that these spooks were right. FierceITSecurity reports there were 750 major data breaches in the U.S. last year, exposing more than 81 million private records. FierceITSecurity cites data from SysCloud, a provider of security and data backup for enterprises, which provided the following infographic about data breaches.

SysCloud infographic

2015 will be worse. The WSJ reports that a single data breach at the U.S.’s second-biggest health insurer, Anthem Inc., lost personal information for about 80 million of its customers when attackers broke into a database. According to the WSJ, the breach exposed names, birthdays, addresses, and Social Security numbers. Anthem said in a statement that the affected plans/brands include Anthem Blue Cross, Anthem Blue Cross and Blue Shield, Blue Cross and Blue Shield of Georgia, Empire Blue Cross and Blue Shield, Amerigroup, Caremore, Unicare, Healthlink, and DeCare. Anthem did not encrypt the stolen PII, according to reports.

GigaOm explains that encryption makes it possible for documents and messages to be unreadable to people who don’t have the proper cryptographic key.


A cryptographic key is the core part of the cryptographic operations that scramble information. Cryptographic systems include pairs of operations, such as encryption and decryption. A key is the variable data that is provided as input to a cryptographic algorithm to execute such an operation. The security of the scheme depends on the security of the keys used.
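To make the point about unencrypted PII concrete, here is an added example (not code from the original post or from Anthem) showing what encrypting a single sensitive field such as an SSN at rest looks like with a symmetric key. It uses AES-256-GCM from the Go standard library; the 32-byte key, the sample SSN value and the function names are constructed for the illustration. Without the correct key the stored bytes are unreadable, and because GCM authenticates the data, a tampered record or a wrong key is rejected rather than decrypting to garbage.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// EncryptField seals one PII value (for example an SSN) with AES-256-GCM.
// Output layout: nonce || ciphertext || authentication tag.
// A fresh random nonce per call is required; reusing a nonce under the
// same key breaks GCM's guarantees.
func EncryptField(key []byte, plaintext string) ([]byte, error) {
	if len(key) != 32 {
		return nil, errors.New("key must be 32 bytes for AES-256")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	// Seal appends ciphertext+tag to the nonce so the record is self-describing.
	return gcm.Seal(nonce, nonce, []byte(plaintext), nil), nil
}

// DecryptField reverses EncryptField. It fails on a wrong key, a truncated
// record, or any modification of the stored bytes.
func DecryptField(key []byte, sealed []byte) (string, error) {
	if len(key) != 32 {
		return "", errors.New("key must be 32 bytes for AES-256")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return "", err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return "", err
	}
	if len(sealed) < gcm.NonceSize() {
		return "", errors.New("sealed record too short")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	pt, err := gcm.Open(nil, nonce, ct, nil)
	if err != nil {
		return "", err // wrong key or tampered data: GCM tag check failed
	}
	return string(pt), nil
}

func main() {
	// Constructed demo key; a real deployment would pull this from a KMS/HSM,
	// never from source code or the same database as the records.
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		panic(err)
	}
	ssn := "123-45-6789" // constructed sample value
	sealed, err := EncryptField(key, ssn)
	if err != nil {
		panic(err)
	}
	fmt.Printf("stored bytes (%d): %x\n", len(sealed), sealed)

	got, err := DecryptField(key, sealed)
	fmt.Printf("with the right key: %q, err=%v\n", got, err)

	wrongKey := make([]byte, 32)
	_, err = DecryptField(wrongKey, sealed)
	fmt.Printf("with a wrong key: err=%v\n", err)
}
```

The record-level key is the part an attacker who dumps the database does not get, which is why the 2009 report calls encryption the best defense for data; a leaked table of sealed fields is useless without it, provided the key is kept outside that table.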

The spooks also encouraged multi-factor authentication, which adds another step to the security process beyond simply entering a password.

Despite the totally porous nature of online security, GigaOm points out that the Obama administration is a vocal opponent of encryption technology. According to Bruce Schneier, the gooberment’s opposition to encryption on phones is all bluster and sound bites.

Encryption is no doubt a hot topic in the security space. GigaOm says there’s been a wave of security start-ups focusing on encryption scoring millions of dollars in investment in recent months. Security start-ups Veradocs, CipherCloud, and Ionic Security have recently landed over $100 million in investments.

Despite political pushback, it’s clear that companies won’t slow down on implementing encryption any time soon, so long as large-scale data breaches continue to occur on a seemingly weekly basis.

rb-

Is it time to go back to a cash economy?


Related articles
  • Crypto-Wars Escalate: Congress Plans Bill To Force Companies To Comply With Decryption Orders (thenewsdoctors.com)


Insurers Astroturf Facebook

The Business Insider reports that health insurance industry trade groups opposed to President Obama’s health care reform bill are paying Facebook users. The trade group is paying Facebook users virtual currency to send letters to Congress protesting the bill. When Facebook users play a social game like “FarmVille” or “Mafia Wars,” the gamers get virtual currency in three ways:

  1. Winning it playing the games
  2. Paying for it with real money
  3. By accepting offers from third parties who agree to give the gamer virtual currency so long as that gamer agrees to try a product or service. This is done through an “offers” provider — a middleman that brings the companies, Facebook, and the Facebook game maker’s users together.


It’s this third method that an anti-reform group called “Get Health Reform Right,” which is funded and directed by mega-insurer Blue Cross Blue Shield according to SourceWatch, is using to pay gamers virtual currency for their opposition to health-care reform. This practice of paying people to act like political supporters is called “astroturfing,” because of the fake grass-roots campaigning. The Insurance Companies’ Political Action Committee astroturfing is targeting women in their 30s and 40s and teenagers of both sexes, who tend to be Facebook gamers, according to Business Insider.

Instead of asking the gamers to try a product, “Get Health Reform Right” requires gamers to take a survey, which, upon completion, automatically sends an email to their Congressional Representative that includes the following:

“I am concerned a new government plan could cause me to lose the employer coverage I have today. More government bureaucracy will only create more problems, not solve the ones we have.”

Under the “Who We Are” tab on GetHealthReformRight.org (appears down on 12-10-09) the following organizations are listed:

rb-

This practice is not illegal. Most EULAs are so broad, ambiguous, and slanted toward the vendor that most anything is possible. The ethics of this practice are pretty shady in my opinion. Based on the list of companies that back GetHealthReformRight.org, I find it extremely hard to believe that these insurance companies have nothing but their own best interests in mind.
