In the wake of the Anthem breach, hackers continue to target the healthcare industry. At the close of May, CareFirst BlueCross BlueShield reported a data breach that was initially discovered last year; however, when the incident was first noticed, the company believed they had adequately taken care of the problem. CareFirst said at the time it was believed they “had contained the attack and prevented any actual access to member information.” Unfortunately, ten months later, CareFirst discovered that the breach had, in fact, continued.
Information on about 1.1 million individuals was affected by the breach, which CareFirst discovered during an information technology security review conducted in the wake of the attacks on Anthem and Premera. In June 2014, according to CareFirst, hackers gained access to a single database where CareFirst stores data that is entered by members and other individuals in order to access the company’s websites and online services.
This incident offers a clear lesson to other organizations: it is time to review their security procedures and address gaps in protections before it is too late. Healthcare data is obtained and stored by a variety of entities that are expected to be aware of and acting to prevent these types of risks. Healthcare data is extremely valuable to criminals, as it can be re-packaged and sold for a number of different criminal campaigns. In light of these most recent attacks, we are encouraging all our clients to conduct an internal audit of the security protocols and implement HIPAA policies and procedures to prevent exposure to new threats in the technological world.
If you have questions or would like to discuss your HIPAA compliance questions, please contact a member of the McGrath North Privacy and Data Security team.