[ISN] Key Takeaways From the Premera Data Breach

http://healthitsecurity.com/2015/03/23/key-takeaways-from-the-premera-data-breach/ By Elizabeth Snell Health IT Security March 23, 2015 Last week, the Premera data breach announcement further pushed the data security of healthcare organizations into the limelight. The health insurer stated that approximately 11 million members’ sensitive information, including PHI, was potentially exposed after a “sophisticated cyber attack” infiltrated its system. Premera Blue Cross, Premera Blue Cross Blue Shield of Alaska, and the health insurer’s affiliate brands Vivacity and Connexion Insurance Solutions, Inc. are all potentially affected, with applicants’ and members’ names, dates of birth, email addresses, addresses, telephone numbers, Social Security numbers put at risk. Moreover, member identification numbers, bank account information, and claims information, including clinical information, were all potentially exposed. ncidents like this are likely to cause healthcare leaders to review their incident response procedures, according to Dan Bowden, Chief Information Security Officer for the University of Utah, University of Utah Health System. Many organizations are already working on their malware defense capabilities, Bowden said, but the two large scale breaches over the last couple of months further underline the importance of incident response. “There is no absolute to tell your consumers that there is no possible way their data will not get breached,” Bowden said. “We have people come to work every day trying to do the right thing and people make mistakes.” For example, an employee could open an email that lets malware into the healthcare’s system. […]