I was stunned to read that the Anthem hack involved up to 80 million records, including names, birth dates and social security records. This data set is apparently like gold on the black market. We read technical analyses by experts like the OTA defining 12-step programs to prevent such attacks. Others point to the lack of encryption.
Let us ask a more fundamental question: Is there some immutable law that says my social security number and other records absolutely must be reachable via the internet?
Thirty years ago, of course, none of this would have been possible. The “hackers” would have had to perform a physical break-in. Now I’m not suggesting we go back to a pre-online lifestyle, but just wondering if my refrigerator, my dog, AND my social security number must be in the cloud 24/7.
If Anthem can’t survive without having this information somewhere then fine: put it on a private network. And by private I mean NO PHYSICAL PATH – AT ALL – TO THE INTERNET. Yes, that means their employees couldn’t reach it from Starbucks or at home. But then neither could the “sophisticated” hackers.
OK, I can hear some of you saying that in today’s era an absolute physical barrier is just not practical, to which I offer Anthem this advice: DON’T BE INCOMPETENT!
If these 80 million records are worth $25 or more each on the black market, we have a theft worth 2 BILLION DOLLARS! If Anthem had had $2 billion in cash on campus, do you think they’d be watching it kind of carefully?
So then why, when 80 million records start heading OUTBOUND from the network, aren’t there all kinds of lights flashing and alarms going off? Is this not possible to detect? I think it is possible and Anthem SHOULD HAVE SEEN IT IN REAL TIME!
Here is the statement on anthemfacts.com.
“Anthem was the target of a very sophisticated external cyber attack. Based on what we know now, there is no evidence that credit card or medical information were targeted or compromised.”
Really Joe? “Very sophisticated”? So does that mean you can’t stop it from happening again?