Anthem inc. formerly known as WellPoint is the largest company in the Blue Cross and Blue Shield Association. It has been the victim of a serious cyber attack. The Hackers gained “unauthorized access” to its servers and stole personal information including medical identification and Social Security numbers. American health insurer Anthem claimed that they were the victims of a very dexterous hack. And, after miscreants looted Anthem’s servers and accessed up to 88.8 million private records.
The Office of the Inspector General (OIG) for the US Office of Personnel Management (OPM) wanted to audit Anthem’s information security protections but they turned down. According to the agency, Anthem participates in the US Federal Employees Health Benefits Program, which requires regular audits from the OIG but Anthem continuously ignored these audits.
Now the question arises whether Anthem should be blamed for acting negligently in protecting data. According to U.S. Federal Trade Commission, Anthem failed to institute industry “best practices” as defined by the industry.
Avivah Litan, a cyber security analyst at Gartner, said that she does not think that Anthem should be blamed for the stolen data. As there is a conviction that hackers always will be able to break into secure systems.
Anthem informed their customers to make it tough for the attackers to sell and exploit the data. Customers are now aware so they won’t make any attempt to use their information.
The hackers have access to the customers’ name, date of birth, and address. They can take all the information and use it for creating fake driving license and commit a crime. Regulators must take into account such technologies as they pursue to figure out how to make the customer data secure.