What the Anthem Hack Means for Security
This piece was originally published on the Medlert Inc. blog.
Last month, hackers broke into Anthem Inc, the second-largest health insurance company in the United States. The hackers stole personal information from 80 million people, including Anthem’s CEO, Joseph Swedish. The latest estimates suggest the breach will cost Anthem $100 million to remedy.
Reports vary on what weaknesses were exploited by the hackers. Some point to an internal breach because of a lack of data encryption. Others argue that encryption was not required and was not the fundamental problem. In Fierce Healthcare, Joseph Smith, a retired CIO of Arkansas Blue Cross and Blue Shield, suggested that poor data security habits on the part of Anthem employees were a contributing factor.
Every day at Medlert Inc, the Medlert Connect platform moves important patient information between mobile and cloud infrastructure to schedule non-emergency medical transport for patients. The security and HIPAA compliance of our platform are our top priority. I sat down with Ernest W. Semerda, Medlert co-founder and CTO, to discuss his views on the Anthem hack and what it means for Medlert.
Invest in Research & Development (R&D)
Semerda suggested that when it comes to keeping personal health information secure, ongoing company investments in research and development are essential.
“Traditionally, security breaches are the result of a lack of technology focus. Technology implemented over a decade ago over time receives little attention. In the modern world old implementations rarely stand a chance in protecting data. Vulnerabilities are discovered daily in all facets of technology. Just because something worked then, doesn’t mean it will always work,” said Semerda. “The failure to continue investing in technology leaves doors open. All it takes is an intruder to test these old doors with a simple knock.”
View Engineering as an Investment not a Cost Center
Semerda pointed out that before a company can invest in R&D, it must view its Engineering department as an Investment, not a Cost Center.
“It is a common story. A successful business having lost sight of its technology foundations,” said Semerda. “Viewing technology as a cost center creates a culture of shortcuts just to meet the budget. Shortcuts leave doors open to security breaches in software or in process. The shortcuts don’t pay off. They hurt the brand and reduce customer trust. Especially when it’s related to a simple, preventable issue such as password encryption.”
Proactive investments in the engineering department and in technology upgrades are some of the best ways to stay on top of security-related issues.
Foundations Set the Stage of What’s to Come
Semerda went on to point out that there will continue to be more security breaches like the ones aimed at Anthem. It’s unavoidable. For large companies, creating better, more secure systems demands a mentality shift in company leadership.
“It means having leadership who understands technology and its impact on the business as a whole, not viewing it as an afterthought,” Semerda said. “If you build a house on muddy foundations one should not expect stability. Build a house on solid foundations, maintain it, and you can expect stability.”
Our Approach to Security: Embedded in our DNA
Semerda went on to talk about how, as the CTO at Medlert, he is very conscious of creating a company culture and a team that thinks about security in every facet of their development & engineering process.
“Security is a part of our DNA and in everything we do. From AES-encrypted data that moves over a secure connection between devices to storage on encrypted drives in our HIPAA-compliant virtualized data center,” said Semerda. “At Medlert, I am very insistent that security shouldn’t be an afterthought but it should be a part of everything we do daily.”