Homework Help is Here – Start Your Trial Now!
Engineering
Computer Science
On March 13, 2015, Anthem, Inc., which is one of the nation's largest health benefits companies providing medical care coverage to one in eight Americans through its affiliated health plans, filed a breach report with the HHS Office for Civil Rights (OCR) detailing that on January 29, 2015, they discovered cyberattackers had gained access to their IT system via an undetected continuous and targeted cyberattack for the apparent purpose of extracting data, otherwise known as an advanced persistent threat attack. After filing their breach report, Anthem discovered cyberattackers had infiltrated their system through spear phishing e-mails sent to an Anthem subsidiary after at least one employee responded to the malicious e-mail and opened the door to further attacks. The OCR investigation revealed that between December 2, 2014 and January 27, 2015, the cyber-attackers stole the electronic personal health information (ePHI) of almost 79 million individuals, including names, Social Security numbers, medical identification numbers, addresses, dates of birth, e-mail addresses, and employment information. Because of this breach, Anthem, Inc. agreed to pay a $16 million settlement to the U.S. Department of Health and Human Services, Office for Civil Rights and take substantial corrective action to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules. Cybercriminals exploit patient health data in many different ways. Medical records are rich with information that can be used for committing medical identity theft, tax fraud, sending fake bills to insurance companies, obtaining and then reselling expensive medical equipment, and so forth. Stolen medical data is so valuable in the dark web that it can sell for 10 to 20 times more than for the amount paid for credit card data. In fact, stolen medical records of terminally ill patients are especially valuable because that information can be used long after the patient has died. What protections should be in place to protect from the kind of theft Anthem and its customers experienced? How do HIPAA security rules or penalties create an environment that prevents this from happening again? Is Anthem also a victim of theft? Use concrete examples to support your ideas and develop your response

On March 13, 2015, Anthem, Inc., which is one of the nation's largest health benefits companies providing medical care coverage to one in eight Americans through its affiliated health plans, filed a breach report with the HHS Office for Civil Rights (OCR) detailing that on January 29, 2015, they discovered cyberattackers had gained access to their IT system via an undetected continuous and targeted cyberattack for the apparent purpose of extracting data, otherwise known as an advanced persistent threat attack. After filing their breach report, Anthem discovered cyberattackers had infiltrated their system through spear phishing e-mails sent to an Anthem subsidiary after at least one employee responded to the malicious e-mail and opened the door to further attacks. The OCR investigation revealed that between December 2, 2014 and January 27, 2015, the cyber-attackers stole the electronic personal health information (ePHI) of almost 79 million individuals, including names, Social Security numbers, medical identification numbers, addresses, dates of birth, e-mail addresses, and employment information. Because of this breach, Anthem, Inc. agreed to pay a $16 million settlement to the U.S. Department of Health and Human Services, Office for Civil Rights and take substantial corrective action to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules. Cybercriminals exploit patient health data in many different ways. Medical records are rich with information that can be used for committing medical identity theft, tax fraud, sending fake bills to insurance companies, obtaining and then reselling expensive medical equipment, and so forth. Stolen medical data is so valuable in the dark web that it can sell for 10 to 20 times more than for the amount paid for credit card data. In fact, stolen medical records of terminally ill patients are especially valuable because that information can be used long after the patient has died. What protections should be in place to protect from the kind of theft Anthem and its customers experienced? How do HIPAA security rules or penalties create an environment that prevents this from happening again? Is Anthem also a victim of theft? Use concrete examples to support your ideas and develop your response

Database System Concepts
Database System Concepts
7th Edition
ISBN:9780078022159
Author:Abraham Silberschatz Professor, Henry F. Korth, S. Sudarshan
Publisher:Abraham Silberschatz Professor, Henry F. Korth, S. Sudarshan
Chapter1: Introduction
Section: Chapter Questions
Problem 1PE
See similar textbooks
icon
Related questions
Question

On March 13, 2015, Anthem, Inc., which is one of the nation's largest health benefits companies providing medical care coverage to one in eight Americans through its affiliated health plans, filed a breach report with the HHS Office for Civil Rights (OCR) detailing that on January 29, 2015, they discovered cyberattackers had gained access to their IT system via an undetected continuous and targeted cyberattack for the apparent purpose of extracting data, otherwise known as an advanced persistent threat attack. After filing their breach report, Anthem discovered cyberattackers had infiltrated their system through spear phishing e-mails sent to an Anthem subsidiary after at least one employee responded to the malicious e-mail and opened the door to further attacks. The OCR investigation revealed that between December 2, 2014 and January 27, 2015, the cyber-attackers stole the electronic personal health information (ePHI) of almost 79 million individuals, including names, Social Security numbers, medical identification numbers, addresses, dates of birth, e-mail addresses, and employment information.

Because of this breach, Anthem, Inc. agreed to pay a $16 million settlement to the U.S. Department of Health and Human Services, Office for Civil Rights and take substantial corrective action to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules.

Cybercriminals exploit patient health data in many different ways. Medical records are rich with information that can be used for committing medical identity theft, tax fraud, sending fake bills to insurance companies, obtaining and then reselling expensive medical equipment, and so forth. Stolen medical data is so valuable in the dark web that it can sell for 10 to 20 times more than for the amount paid for credit card data. In fact, stolen medical records of terminally ill patients are especially valuable because that information can be used long after the patient has died.

What protections should be in place to protect from the kind of theft Anthem and its customers experienced? How do HIPAA security rules or penalties create an environment that prevents this from happening again? Is Anthem also a victim of theft? Use concrete examples to support your ideas and develop your response. 

Expert Solution
trending now

Trending now

This is a popular solution!

steps

Step by step

Solved in 2 steps

SEE SOLUTIONCheck out a sample Q&A here
Blurred answer
Knowledge Booster
Threats
Learn more about
Need a deep-dive on the concept behind this application? Look no further. Learn more about this topic, computer-science and related others by exploring similar questions and additional content below.
Similar questions
  • SEE MORE QUESTIONS
Recommended textbooks for you
Database System Concepts
Database System Concepts
Computer Science
ISBN:
9780078022159
Author:
Abraham Silberschatz Professor, Henry F. Korth, S. Sudarshan
Publisher:
McGraw-Hill Education
Starting Out with Python (4th Edition)
Starting Out with Python (4th Edition)
Computer Science
ISBN:
9780134444321
Author:
Tony Gaddis
Publisher:
PEARSON
Digital Fundamentals (11th Edition)
Digital Fundamentals (11th Edition)
Computer Science
ISBN:
9780132737968
Author:
Thomas L. Floyd
Publisher:
PEARSON
C How to Program (8th Edition)
C How to Program (8th Edition)
Computer Science
ISBN:
9780133976892
Author:
Paul J. Deitel, Harvey Deitel
Publisher:
PEARSON
Database Systems: Design, Implementation, & Manag…
Database Systems: Design, Implementation, & Manag…
Computer Science
ISBN:
9781337627900
Author:
Carlos Coronel, Steven Morris
Publisher:
Cengage Learning
Programmable Logic Controllers
Programmable Logic Controllers
Computer Science
ISBN:
9780073373843
Author:
Frank D. Petruzella
Publisher:
McGraw-Hill Education
SEE MORE TEXTBOOKS