When Do We Say Enough Is Enough?

Recently Anthem Blue Cross Blue Shield announced that the ‘private’ information of up to 80 million customer was stolen. It wasn’t anything about medical history taken, just all their customer’s personal data. You know, the stuff that can be used to fake someone’s identity and make their life a living hell?

If that wasn’t bad enough, they then announced that the information stolen was not encrypted because it is not required by HIPAA.

Nice try Anthem. You can’t get away with trying to blame someone else for YOUR shortcoming in protecting YOUR customer’s information.

You even go so far as to say:

Safeguarding your personal, financial and medical information is one of our top priorities, and because of that, we have state-of-the-art information security systems to protect your data. However, despite our efforts, Anthem was the target of a very sophisticated external cyber attack…

Joseph R. Swedish - President & CEO - Anthem

Yet, somehow these ‘state of the art’ information security systems didn’t encrypt the data while it was all consolidated and at rest. You know, the goldmine of data. It is all neatly organized and pulled together into one place for convenience. Turns out it wasn’t just for your convenience.

Since when did a company need an outside source to tell them that they need to properly protect sensitive customer data?

I’m also looking at you Target, Home Depot, and every other company that has customer data and doesn’t seem to think there is any reason to worry about what could happen, until it does.

Let’s Make This Easy

Here’s a simple flow chart to help you determine if you should protect customer’s data properly:

A very simple flowchart to determine if you should protect your data

This isn’t rocket-surgery!

Really it isn’t! A lot of database systems out there have options and features already to enable encryption and other protective measures to ensure the data is safe while in motion, and shocking as it may sound, at rest too.If your database system doesn’t have that, there are entire companies committed to providing that protection as a third party tool.

If you are a company that has customers, you need to step up and get a little more pro-active with protecting our information. I’m sure, with all that has been happening as of late, if your website or interfaces wind up going just a little slower because it is secured the majority of your customers would be fine with it.

After all, it’s not like you are rushing to get protective services to the customers in the aftermath. I mean come on! Anthem is snail mailing their customers with details on how to obtain free credit monitoring and identity protection services from them. Nice, but that still leaves plenty of time for the stolen data to be used before the customer can get anything into place.

Is it seriously just about the bottom line?

It sure seems that way. Forget about the customer. Geez, we have 80,000,000 of them! Just get the systems going as fast as possible so that people don’t complain and go to someone else with their money! It’s high time companies start treating us all like humans again, not just numbers stored in an improperly secured database, and to protect their data. Our data.

The post Enough Is Enough! Why Do We Have To Be At Risk? appeared first on WaterOx Consulting.