"As I mused, the fire burned"

Reflection on life as a person of faith.

Major Data Breach – USA Health Care Insurer


This is outside my usual realm of interest – but I’ve been reading up on computer security and encryption schemes for a project I’m managing at my day job. This chap’s blog (Brian Krebs) is very interesting, and I was shocked to read about a data breach involving up to 80 million records including name, address, birth date and social security number.

Krebs writes:

Then again, maybe this breach at Anthem isn’t as bad as it seems. After all, if the above data and pundits are to be believed, the attackers were likely looking for a needle in a haystack — searching for data on a few individuals that might give Chinese spies a way to better siphon military technology or infiltrate some U.S. defense program.

Perhaps, as Barger wryly observed, the Anthem breach was little more than the product of a class assignment — albeit an expensive and aggravating one for Anthem and its 80 million affected members. In May 2014, the aforementioned Southeast University Professor Song Yubo posted a “Talent Cup” tournament challenge to his information security students.

Truly a ‘brave new world’.  In an era where data is increasingly stored in contracted data centres (sometimes outside the country of origin), we will see this sort of intrusion more frequently.  The use of a data centre is good for efficiency reasons, but it also concentrates lots of data around a single node.

From the health insurer’s CEO:

…we have state-of-the-art information security systems to protect your data. However, despite our efforts, Anthem was the target of a very sophisticated external cyber attack. These attackers gained unauthorized access to Anthem’s IT system and have obtained personal information from our current and former members such as their names, birthdays, medical IDs/social security numbers, street addresses, email addresses and employment information, including income data…

It’s obvious that ‘state of the art’ isn’t what it once was… or is that simply an easily dropped and equally trite platitude that really means little without some evidence of whose ‘state of the art’ the security systems are built around? Krebs suggests that the data breach began back in April, long before Anthem detected the intrusion. That suggests to me that ‘state of the art’ would not be a good descriptor of the audit system in place to detect unauthorized access.

Most frightening for a consumer is our total lack of control over what standards are put in place to protect our personal information. For example, you have the option to not register for a website (like Facebook), or if you do register there is nothing obligating you to use your real birth date. You can also adjust the security settings in Facebook to limit who is potentially able to access your data.

Not so with your health insurer or your government health records – and we have no idea what level of security Blue Cross has implemented in its data centres. It might be the best available, including full encryption of all stored data, or it might be the minimum possible, complete with system administrator accounts protected with weak passwords.

The initial evidence suggests that the hack of the US company, Anthem, was carried out by state-sponsored hackers in the PRC.  We live in interesting times.

As a footnote to this reflection, we just had our second debit/credit card compromise in three months. First was my credit card, second was my wife’s debit card. Mine was probably due to an online compromise, or through Home Depot. My wife’s was most likely a debit skimmer scam. This blog has a really thorough overview of all the ways skimmers seek to compromise your data. While we’re a bit better in Canada because of the use of chip-and-pin cards, as long as retailers continue to accept swipe-and-pin there will be paths to compromise your data security.


Written by sameo416

February 9, 2015 at 8:55 am

Posted in Uncategorized
