Contact Us
01952 608908

To help reduce spam, please enter CYPNK into the box below:

close »
ADISA Certification Blancco NHS Information Governance Toolkit ISO 27001 ISO 14001 ISO 9001 BS EN 15713 CESG Contractors Health & Safety Assessment Scheme

Anthem Data Breach: Health Insurer Failed to Encrypt Data that was Stolen in Industry's Biggest-ever Hack

Leaving information unencrypted makes it much easier for cyber-attackers to read information

The information that was stolen from Anthem in the biggest health-insurance cyber-attack ever last month was left unencrypted on the company’s servers, according to reports.

The data stolen related to the records of millions of customers and employees, Anthem said this week. While the hackers don’t seem to have had access to health records, the information stolen included names, birthdays, social security numbers, addresses and employment information, all of which could be used for fraud.

Failing to encrypt the information means that hackers will be able to look through the information much more easily. But because encrypting and then removing encryption from files is a slow process, it would have made it harder for the company to share the information with the various groups that it works with.

Anthem encrypts the information when it’s moved into or out of its database, but not when it is there, it told the Wall Street Journal, who reported the lack of encryption. Instead it uses other methods, “including elevated user credentials, to limit access to the data when it is residing in a database”, a spokesperson told the WSJ.

In a letter announcing the hack, the company said that it is “working around the clock to do everything we can to further secure your data”, CEO Joseph R Swedish wrote.

While encrypting the data would probably not have stopped the hackers from gaining access to the information — which was done using stolen employee logins — it would have made using it much harder.




To read full article, click here 

Anthem Data Breach: Health Insurer Failed to Encrypt Data that was Stolen in Industry's Biggest-ever Hack

XPO IT offer an efficient and flexible collection service for the District Council IT disposals. They provide a Duty of Care Waste Transfer Note and Certificate of Disposal for every collection. Collection staff are always courteous and friendly and go about their work without causing any disruption to my working day

E-Business Admin Assistant, District Council

Glad we found out about this company. Now I can be assured that our redundant IT equipment is being correctly handled and we can get rid of our smaller WEEE waste streams in parallel

Purchasing Manager, Automotive Equipment Supplier

We have used the data destruction services of XPO IT on a number of occasions and have been exceptionally pleased with their levels of service, efficiency and customer care

IT Manager, Nottingham Solicitors

XPO have always provided a high quality service.  Reliable, efficient and easy to use.  Always on time and professional with the disposal of equipment

Property Consultant, Birmingham Property Consultancy

We have used XPO IT Services on numerous occasions, each time we have been very pleased with the service that they provide. Their collection/recycling scheme is the best we have used (and we have used a few!). Great service and great value for money!

Senior IT Technician, Staffordshire Hospice

Get in touch

Leave your details below and we will be in touch

Please enter YQSDM into the following box: