Monday, March 23, 2015

Blue Cross, how could you be so health-careless?

23 March 2015.

Today I received a distressing letter from Anthem Inc., the largest for-profit managed health care company in the Blue Cross and Blue Shield Association, informing me hackers had stolen my personal information.

They report, "The information accessed may have included names, dates of birth, Social Security numbers, health care ID numbers, home addresses, email addresses and employment information, including income data."

Even scarier is the following self-serving legalese conjecture:

"We have no reason to believe credit card or banking information was compromised, nor is there evidence at this time, that medical information such as claims, test results, or diagnostic codes, was targeted or obtained."  

Yeah, right. Just how do they justify this specious assertion, considering hackers had full access to Anthem's database?

The letter reveals the attacks occurred in early December 2014, some twenty years after HIPAA laws were enacted, which raises the question of why Anthem chose to ignore compliance for all this time. Was it a calculated decision based on HIPAA's inequitable yearly maximum penalty of $1.5 million, imposed on private medical practices and giant mega-corporations alike?

The expense of simply encrypting sensitive data just isn't all that costly. I am hard-pressed to explain Anthem's motivations for such gross negligence, aside from pure avarice. Readers' illumination and edification are most welcome.

But doesn't Anthem have a fiduciary responsibility to protect their customers' sensitive information? Why hasn't the Department of Health and Human Services, the agency responsible for HIPAA enforcement, performed its pledged audits on billion-dollar monopolistic health care insurers like Anthem?

As an IT professional, I find it incomprehensible that systems designers and management didn't consider encrypting the sensitive data hackers now possess. Anthem's letter declares they have now hired one of the "world's leading cyber-security firms to strengthen the security of our systems," but that offers scant solace to those of us whose private, sensitive information is now in the hands of nefarious scoundrels.

Even Stalin believed in universal healthcare

Isn't it time our government cracked down on the now ubiquitous security failings of hugely profitable companies, enacting laws with alligator teeth rather than laws that encourage them to "thumb their noses" at our privacy rights?

Ron Tornambe has provided IT consulting services to an international clientele for over twenty-five years. He now specializes in HIPAA compliance.