What Anthem Taught Us About Monitoring Information Security
Nick Gagalis | February 17, 2015
In late January, Anthem announced that it had been breached, compromising data from 80 million people. It is the largest publicly disclosed breach of a healthcare company.
Although Anthem’s network was initially believed to be breached in January, Brian Krebs reported that the breach could have started back in April of 2014. Krebs also said the attack included a phishing campaign in May of 2014.
No matter when or how a company discovers a breach (through its own work or a third party like the FBI), it’s important to act quickly in order to limit the damage caused by the attack. Damage control is an important element of information security.
The Healthcare Industry’s Information Security Performance
As you can see in the table above, the healthcare industry is still behind Finance and Retail. It has the same rating as Utilities, and is just barely ahead of Government. (Healthcare was also struggling in a BitSight Insights report published last May.) Although our ratings are not predictive, we do believe that poor security performance is an indicator of greater security risk and should be cause for concern.
Watch BitSight Executive Vice President Tom Turner speak about the security performance of the healthcare industry in this CBS Evening News piece.