Business Incidence at Anthem Blue Cross and Blue Shield - Case Study Example

Anthem Blue Cross and Blue Shield By: Professor: Class: University: City: State: Date of submission: Anthem Blue Cross and Blue Shield Introduction Business entities across the world are increasingly integrating technology into their operations to enhance efficiency levels. Nonetheless, most of these businesses have failed to consider the challenges associated with technology including the data breach issues. Locally and internationally, disasters affect business operations irrespective of the scope of operations. In addition, institutions are implementing technological practices without seeking the advice from the experts to assist in protecting of the organizational database. Management scientists and experts from the information and technology argue that incorporation of technology into the business is important; however, there are various illegal activities especially data breach that affects organizational performance. In this report, the business chosen is Anthem, which is the second largest health insurer in the United States that experienced massive cyber attack (Japsen, 2017). The business lost a huge sum of money while compensating the customers and experienced a decline in the customers’ trust. The incident occurred in February 2015 and led to the loss of personal information of about 78.8 million customers. According to Anthem, the cyber attack exposed the various elements of customers’ information including the dates of birth, social security numbers, names, histories of employment, and addresses. Such information is important in stealing the identity of the customers. Anthem Blue Cross and Blue Shield Anthem is working towards the transformation of healthcare through caring and trusted strategies. The business delivers quality services that offer members access to the care systems required. The vision aims to be the America’s valued health partner through its value pillars: trustworthy, caring, and innovative, accountable. For most customers, insurance is complicated; however, the business offers simple terms and straightforward answers regarding health coverage (Anthem Blue Cross and Blue Shield, 2017). In the recent years, there has been an increment in the number of investors coming into the industry, which increases the level of competition; as a result, the business is keen on partnering with international entities as affiliates: producers, employers, and providers. In addition, due to increased cases associated with health insurance, the government has been keen on implementing policies that regulate the industrial practices to protect the customers. Business Incidence at Anthem Blue Cross and Blue Shield Anthem Blue Cross and Blue Shield are one of the insurance businesses that was at the forefront within the industry to integrate different elements of technology. The business experienced a cyber attack in which the hackers infiltrated organizational database to steal important facts such as the names, social security figures, home addresses, and different important information that affected the repute of the trade within the market. Both Anthem Blue Cross and Blue Shield and the industry have limited capacity to control the damages from such incidences. Therefore, the main question from the consumers is the ability of Anthem Blue Cross and Blue Shield and businesses with the healthcare industry to manage the volumes of data they accumulate. Such data breach has been considered a footnote since its occurrence. Various factors overshadowed the business’ large-scale breach including the pending acquisition of Cigna Corporations and various high-profile healthcare digital attacks. Furthermore, there are unresolved cases associated with further disclosure of the known issues. Despite the negative effects of the data breach, the business has not been able to establish the reason behind the attack. The Federal Bureau of Investigation (FBI) continues to investigate the attack with no evidence so far that the data of Anthem members have been used, sold, or shared fraudulently. It is alleged that there are no credit cards and medical information stolen from the database and to establish such claim; Anthem conducted two years to monitor the credit cards considered to have been affected. Even though the investigations have not been able, the source of a data breach, some of the reports links it with the Chinese hackers which the FBI has failed respond on (Hiltzik, 2015). According to the findings of the California Department of Insurance on the security breach at the Anthem, it revealed that about 78.8 million records of the consumers were affected. From such attacks, the business agreed to make certain improvements to information security systems and ensures adequate credit protection to the customers whose information was compromised. As its remedial strategies, Anthem has paid $260 million to improve security. The attack on the business is one of the largest cyber attacks on the customer data within the insurance company. According to California Department of Insurance, it is the obligation of the insurers to ensure the protection of customers’ health and financial data. The business first discovered the attack on January 27, 2015, but later announced that the business and associated affiliates had suffered a major breach in February 2015 that compromised more than 78.8 million records of the customers. According to Anthem, the attack resulted from highly sophisticated external attacks with law enforcement agencies working to identify the perpetrators. In a bid to unearth the perpetrators, the business retained Mandiant, which is one of the leading cyber security businesses to assist with the investigations. Anthem joins the list of insurers that have experienced cyber attacks in the recent years. In the previous, Target shoppers lost about 40 million credit cards to the hackers who stole important information such as names, email addresses, phone numbers, and physical addresses for more than 70 million customers. The affected people are both current and former members of Anthem health plans (Riley, 2015). In addition, non-members are also affected since the business manages the paperwork for many independent insurance businesses. It is important to note that hackers before execution of the attack, they always use latest programs and technological parameters which make it difficult for the security agencies and businesses to control their activities. Within Anthem Blue Cross and Blue Shield, the hackers infringed the organizational database and implanted a software that had the ability to capture important customers’ information which they further used to infiltrate critical organization data. In addition, the hackers never trace a trace for tracking them, which reveals their high levels of unity. The business failed to heed to the needs of the customers who needed compensation for the damages witnessed by the customers; as a result, there were several lawsuits against the business from the customers. Business Responses to the Incident To control the situation, the business hired Mandiant and FireEye, which are cyber security firms, which noted that their work with Anthem was confidential under the contractual obligations. Some reports indicate that the attacks began much earlier; however, the initial attempts were detected and deflated. Whether Anthem improved its monitoring activities is not clear though it took more than six weeks for the business to discover that criminals had breached its security measures. The business was proactive in addressing the breach and notifying the affected customers. The attack compromised about 78.8 million records of the customers. To maintain customer loyalty and trust, Anthem has invested $260 million in progressing its security systems and remedial actions to prevent a data breach. Insurers have the obligation of protecting the records of the customers and their financial information. Based on the analysis of the investigation, the hired team concluded that the cybercriminals were acting as the interim of a foreign government; however, both the insurance companies and regulators have no capacity to stop foreign government assisted by the attackers. Anthem hired Mandiant to undertake internal investigations and found out that the data breach started on February 18, 2014, when one of the business users, within Anthem’s subsidiary opened up a phishing email that contained malicious content. Through opening the content of the email, the hackers had the opportunity of downloading files with the virus into the computers, which enabled them to have access remotely to such computer, and within 90 days, the hackers had access to the whole system including organizational data warehouse. The insurance commissioners hired different examination teams with various cyber security businesses such as Risk Advisory Services, CrowdStrike, and Alvarez and Marsal Insurance. The aim of the team was to focus on organizational pre-breach response preparedness, business’ response adequacy during the attack, and post-breach and correct responses and actions in place. Based on the findings of the team, Anthem had exploitable vulnerabilities. Two weeks after the discovery of the breach, Anthem hired All clear ID that is a consumer credit protection business with an offering credit protection to the affected customers within a span of two years. Furthermore, since the attack was a multi-state settlement, the business decided to offer credit protection to the minors. In the aftermath of cybercrime, Anthem has spent a huge sum of money to boost its security which most of the reports on the attack suggest that organizations need to note such activities and integrate IT security budgets in their costs. Based on the reports from the commissioners, Anthem had implemented two-factor authentication on various tools of remote access, improved the logging resources to various security events, and deployment of privileged account management solutions (Anthem Blue Cross and Blue Shield, 2017). Moreover, the business undertook a complete reset of the passwords of the privileged users, ensured suspension of various remote access, and the creation of new Network Administrators Identifications to replace the current ones. Anthem also acquired more technological parameters with the aim of improving its monitoring ability in its database. The plan also highlighted initially; Anthem had exploitable vulnerabilities; however, after the occurrence of a data breach, the business developed a remediation plan to ensure that it addressed such issues. It is evident the improvements undertaken on the cyber security protocols with Anthem and its planned future enhancement to be reasonable in securing the environment beyond the earlier data breach. According to Cynergy Tek, a security consulting business, Anthem is making the appropriate steps towards bolstering its security. The investigations reveal that most businesses are vulnerable to cyber attacks especially with increased integration of technology to improve business efficiency. Therefore, it is important that businesses clean up and tighten their access control strategies and ensure proper valuation of the two-factor authentication. International cybercrime consultants revealed that foreign governments do not breach data with the aim of stealing identities on a large scale; however, the rogue operatives have on different occasions used the information for criminal activities. According to California insurance commissioners, the security protocol used in the business was its shortfall though it was typical due to its size and reduction of the issue fines (The California Department of Insurance, 2017). In addition, Anthem promptly responded to the situation through ejecting the intruders with three days and ensuring adequate notification of the affected customers. Some of the customers failed lawsuits citing that they were affected which painted the business as the ripe target for the hackers. Audit on the business’ security system found that the business allowed many of its employees to access the database though they lacked proper experience on how to handle the phishing emails. However, on noticing the attack, the business notified both the public and the customers through the state regulators, mail, news releases, and websites. In addition, Anthem cooperated with the insurance regulators since the discovery of the breach and took the security of information, both for the business and consumers, seriously and is committed to the protection of data of the customers. Conclusion With increased demands and ever-changing needs of customers, businesses are keen on employing technology to enhance the efficiency of the operations; however, most them have failed to conduct their vulnerability to cybercrime activities. This is the case experienced with Anthem Blue Cross and Blue Shield, which experienced data infiltration in its database, which saw the criminals stealing the names, addresses, social security numbers, employment histories, and dates of births of about 78.8 customers. FBI and Canadian Insurance Commission took over the case to establish the motive behind the attack; however, their reports failed to reveal the source of the business attack. On the other hand, some reports have linked the attack to the Chinese hackers. Despite Anthem becoming a victim of the cyber-attack, it had various security measures to protect its database though the attackers exploited the failure of the business to teach its employs on dangers associated with phishing emails. On noticing the attack, the business informed both the public and the customers through various media platforms. Some of the customers resorted to filing lawsuit against the business referring to the business as a ripe target for the hackers, which greatly affected the reputation of the business. References Anthem Blue Cross and Blue Shield. (2017). Anthem Blue Cross. Retrieved May 1, 2017, from https://antheminc.com/Companies/AnthemBlueCross/index.htm Anthem Blue Cross and Blue Shield. (2017). Anthem Health Insurance, Medicare, & Group Health Plans. Retrieved May 1, 2017, from https://www.anthem.com/# The California Department of Insurance. (2017). Investigation of major Anthem cyber breach reveals foreign nation behind breach. Retrieved May 1, 2017, from http://www.insurance.ca.gov/0400-news/0100-press-releases/2017/release001-17.cfm Hiltzik, M. (2015). Anthem is warning consumers about its huge data breach. Here's a translation. - LA Times. Retrieved May 1, 2017, from http://www.latimes.com/business/la-fi-mh-anthem-is-warning-consumers-20150306-column.html Japsen, B. (2017). Anthem Blue Cross Nears 60% Value-Based Care Spend. Retrieved May 1, 2017, from https://www.forbes.com/sites/brucejapsen/2017/04/27/anthem-blue-cross-nears-60-value-based-care-spend/#222fe7ef6fe7 Riley, C. (2015). Insurance giant Anthem hit by massive data breach - Feb. 4, 2015. Retrieved May 1, 2017, from http://money.cnn.com/2015/02/04/technology/anthem-insurance-hack-data-security/ Read More