Filter by Category

Who Insures the Insurer?

Do insurance companies maintain Data Security Breach Insurance?

On June 23, 2010 more than 200,000 Anthem Blue Cross customers received letters informing them that their personal information might have been accessed during a security breach of the company's website. Customers who had pending insurance applications in the system are currently being contacted because information was viewed through an on-line tool that allows users to track the status of their application. Social Security and credit card numbers were potentially viewed. It's one more tumble in a cascade of security breaches that can have terrible consequences for the customers and clients of such a large insurance company.

And of course, this raises an ironic question: Do insurance companies maintain their own liability insurance in the event that their information systems are compromised? As absurd as it may seem at first glance, it's really not a laughing matter. According to the Ponemon Institute, the average cost of a security breach is now exceeding $200 per client record. This would mean that Anthem Blue Cross's breach last month created a liability as great as $40M.

Moreover, there's a ripple effect to organizations that do business with insurance companies that suffer such an information security breach. Each Personnel Department that delivers private employee information to an outside service supplier has an inherent responsibility and liability to its employees.

We all know that the privacy information transferred between companies should use a secure and confidential method of transmission. Yet too many small and medium-sized companies are still using simple FTP (File Transfer Protocol) software that has been proven to be susceptible to the threats of network hackers. And by the time these organizations realize their vulnerability, it's often too late These companies are often performing these FTP transfers below the radar of their IT departments. How does it happen?

Often personnel data is off-loaded to PCs from the main information systems where it is left "in the open" on the hard drives of desktops or laptops. After the data is transferred this residual data is often unprotected, where it's subject to theft or secondary security flaws. Insurance agents - whose jobs are to facilitate the processing of the data with their insurance providers - can also suffer from such breaches. The loss of an agent's laptop - through theft, accident, or routine use of USB thumb-drives - poses additional liability.

There are two readily available strategies to help prevent these kinds of security abuses. The first strategy is to use data encryption technologies that not only encrypt the data, but also record into a secure log detailing when, where, and by whom the sensitive data has moved from the main information database. Crypto Complete offers precisely this kind of encryption capability, and it should be examined by IT professionals as a viable, highly configurable resource for the protection of the company's information assets.

The second strategy is to use a secure method of transfer for the data itself, ensuring that the information is never left in a vulnerable state on an individual's personal computer. By removing FTP access to the data by any employee's PC and channeling the transfer through the secure corporate server, IT can prevent the problem of network hacking from occurring. GoAnywhere MFT is precisely the means of achieving the goal of a secure FTP transfer between companies.

The tragedy of the Anthem Blue Cross breach was the result of a faulty security scheme in the design of its customer service solution. But it is not the only potential failure of data security that can impact its customers and business partners. And, unfortunately, this information security breach is just one of the 356 million reported breaches that have occurred in the US over the last five years.

So who insures the insurer when a data security breach occurs? The real answer is IT itself. And helping IT achieve a better result will be the subject of this blog over the next few months.

 

 

Add a Comment

Allowed tags: <b><i><br>

Latest Posts


What is FTPS?

December 4, 2018

Whether you’re looking to upgrade from your current FTP file transfers or have new requirements from a trading partner or customer, you might be wondering what FTPS is. How does it work, you…


Need an Alternative to AMRDEC SAFE’s File Service? Start Here

November 29, 2018

AMRDEC SAFE Shut Down Due to Security Issues Bad news for the U.S. army: AMRDEC SAFE, the Army Aviation and Missile Research Development and Engineering Center Safe Access File Exchange service that…


How 3 Financial Institutions Solve File Transfer Needs with MFT Software

November 26, 2018

On a scale of 1-10, how would you rate the efficiency of your file transfers right now? If you use manual scripts, legacy software, or a myriad of free tools to balance your encryption, automation,…


Recent 2018 Data Breaches in Healthcare (and How to Avoid Them)

November 14, 2018

Phishing attacks, malware, and employee errors. These are three of the most recent causes for healthcare data breaches in 2018, with more certainly to come. The year isn’t over yet. For anyone…


Which is Better: SFTP vs. MFT?

November 6, 2018

SFTP, or MFT: that is the question. Even though we’re not all famous poets like William Shakespeare, many IT professionals will ask this question at some point or another. Should they use an…