In the wake of a hack on health insurance giant Anthem, insurers in the region say they’re doing all they can to protect consumer data.
Anthem, one of the nation’s largest carriers, is facing criticism for not encrypting data, including Social Security numbers and financial information. The breach affects an estimated 80 million customers.
Independence Blue Cross does encrypt its records, but chief information officer Mike Vennera said that’s only one tool to keep records safe.
“Encryption is not a panacea,” he said. “It is part of a layered defense, and it is one important thing to do, but it is not a silver bullet.”
The company brings in outside security experts, Vennera said, repeatedly changes internal passwords, and updates policies to help secure its information. Still, he said, the company needs to remain vigilant.
“I think the one thing we’ve clearly learned from Anthem, as well as Home Depot or JPMorgan Chase, is that this is an evolving threat,” he said. “There is a market out there for corporate data, and hackers are going to go after it, and we really have to work day in and day out and constantly reassess what we are doing.”
Other area insurers did not respond to interview requests regarding encryption standards.
In a blog post, Aetna states:
“Aetna has a robust cyber-security program, and is not aware of any successful data theft from its systems by hackers. Aetna works diligently every day to monitor for threats and modify systems and procedures with leading security measures to thwart attacks and help protect data.”
Some cyber-security experts say the best way to thwart those future attacks may be mandating encryption under federal HIPPA guidelines, despite added costs to the health insurance system.
“Insurance companies want to make sure they have good digital hygiene,” said Rob D’Ovidio, professor of criminal justice at Drexel University.
Along with encryption, companies need to make sure they limit which employees have access to data, he said. But he cautioned the breach at Anthem will likely be repeated, or at least attempted, at other insurers.
“People should not think of it, the questions being, is it going to happen?” he said. “The question is, when is it going to happen?”