Are Your Insurance Records a Hacker's Delight?
Retailers are ripe targets for cybercriminals. However, attackers are now shifting their attention to insurers. Recent data heists at two
medical insurance companies demonstrate both the vulnerability and value of electronic insurance records. According to estimates, criminals accessed 90 million records during
Insurance Data: Why Is It So Appealing?
The two recent attacks are not isolated incidents. Based on one estimate, medical identity theft has nearly doubled in the past year—from
1.4 million adult victims to 2.3 million. And each of these incidents comes with long-lasting repercussions. For example, after one mother
had an Oxycontin prescription taken out in her newborn's name, it remained on the child's medical records for another 10 years.
What makes insurance records so attractive to cybercriminals? For starters, they're a one-stop source of the personal information (name,
date of birth, social security number, etc.) a thief needs to generate fake identities. The black-market value of this data is further elevated
by the inclusion of medical histories; with such detailed information in hand, a criminal can impersonate a patient and file a false claim or
Choosing a Data Security Partner: What to Look For
What can you do to deter this new menace to your insurance records? For starters, review the data security measures recommended by the
National Association of Insurance Commissioners (NAIC). If a review of these best practices reveals gaps in your firm's current
capabilities, consider engaging an experienced partner.
Here are some qualities to consider if you're looking for a vendor.
Adaptable databases. You want to be certain that your data is securely stored and easily accessible. A flexible partner
should be able to handle all types of data storage formats—paper, tape, disk or cloud.
Strong security and private access. Look for a safe, cost-effective archival service that ensures you have a backup in the
event of a disaster or disruption. A protected partner's network will have multi-tiered firewalls and anti-malware software. In addition,
a vendor should encrypt any data in transit and require multi-factor authentication to access or upload files.
Device disposal. By law, companies must ensure that any forms containing health information are deleted in a manner
that renders them unreadable, indecipherable and incapable of being reconstructed. You've probably considered how to destroy your data files,
but what about the hardware that holds them? A trusted partner should have an
e-waste disposition service that erases all data from a unit before it is responsibly disposed of or resold.
Employee education. You probably have protocols covering employee use of technology, but are your workers following the rules?
If not, you can hire a third party to help review your policies and educate your employees on how to abide by them. Many hacks occur because an
employee opens an infected email or text, so ensuring that your colleagues think before clicking can dramatically decrease the chances of a
While hackers will always develop new methods to access confidential information, you can prevail against these threats. When you engage a
partner that has a proven track record in the secure storage and destruction of electronic and paper insurance records, you'll ensure your
company can avoid any embarrassing breaches and keep data criminals out of your files.