Being proactive when it comes to information security is essential. One of the nation’s largest health insurers is showing us that constant diligence can keep a hack from going from nuisance to disaster.
CareFirst Blue Cross and Blue Shield recently announced that hackers had accessed personal information from more than a million customers. On the surface that sounds horrific. But there are silver linings in this story. First, the information that was stolen was mainly names, birth dates, email addresses and insurance ID numbers. While no one wants this info on the open market, these identifiers are a lot less helpful to would-be identity thieves than Social Security numbers, credit card numbers, passwords and medical information. Even so, the company is going to offer free credit monitoring and identity theft protection for two years for all of the people involved.
The most interesting thing about this hack is how it was found. In June of 2014 CareFirst detected a problem in the system, tracked it down and dealt with the threat. But it turns out the hackers had left behind hidden backdoors that survived the “fix” and would let them back into the system later, undetected.
This second attack could have gone unnoticed for a long time, except CareFirst decided to be proactive. After hearing about attacks on other insurance providers, they hired a company to do a thorough sweep of their system. That’s when they found the breach and got the FBI involved.
This event shows once again that it takes constant diligence to maintain a safe network. It’s something we take very seriously here at EBI, and it’s the reason we work so hard to maintain our ISO 27001:2005 certification for information security. We protect the confidentiality, integrity and availability of all personally identifiable information in our care. Whether you run a huge insurance provider or a background screening firm, it takes constant monitoring and continual improvement to keep systems secure.