If you didn’t hear it on the news, you probably got an email from Anthem letting you know that your personal information has been exposed in a massive data breach that impacts over 80 million people served by the medical insurer. According to Anthem’s own website established to address this breach, no medical records or credit card information was stolen (that they know of) which is a faint blessing in the face of what was stolen: names, addresses, birthdates, social security numbers, phone numbers, email addresses and employment history. In other words, everything a thief needs to steal your identity.
What this means for you:
As before with other large data breaches, there’s not a darn thing you could have done to protect yourself from the attack. If you just happened to not be a current or former Anthem-covered individual, it’s likely your information was stolen previously in any of the numerous other breaches from last year. Anthem will be offering free credit monitoring to all affected individuals, something that is going to sting their deep pockets signicantly, but will do little good in the long term. Why? Well, unlike credit card numbers, addresses or phone numbers, 80 million people aren’t going to change their names, dates of birth or social security numbers. Identity thefts can outwait the one year of monitoring (still unconfirmed, one year is my guess) that Anthem will provide. You can bet a large number of people won’t continue that service on their own dime, but you might want to consider factoring this type of fee permanently into your annual budgets. Or at least until someone can figure out how to secure our identities and credit better.
From a business standpoint, Anthem’s plight illustrates an important lesson. Though current legislation recommends this sort of data be encrypted, it is not a requirement. Shouldn’t Anthem have taken the extra step to protect your data? Does the government need to mandate common sense and best practice? Will Anthem’s current nightmare convince you to enforce more strict security practices in your own work and personal life? I don’t think you need me to tell you that if you want a prosperous and sustainable business protecting your sensitive data is no longer a recommendation, it’s a requirement.