Anthem breach: Vendors never let a good crisis go to waste

Given this week’s news of a potentially huge security breach at insurance provider Anthem, security vendors of all types are eager to give advice, and, oh, get their company names in front of affected consumers or (better yet) other big companies spooked by what happened to Anthem.

The Anthem breach, in which hackers accessed names, addresses, birth dates, medical ID numbers and social security numbers of customers, could affect up to 80 million people.

So, what could Anthem do better going forward? According to what showed up in my inbox, it should apply file-level protection (Varonis), use fraud detection and behavioral analysis (NuData Security), apply cloud-based security (Zscaler) and speed up disclosure and response (Co3 Systems and Incident Response Management Systems). You get the picture.

Given that no one outside of Anthem, its vendors and maybe the hackers actually knows what systems it had in place, it seems rather presumptuous for security vendors to insert themselves as would-be saviors, but such is the way of corporate PR.

And now for the real victims

So now that we know what security companies think other customer-facing vendors should do (which is basically, “buy our stuff”), what about the poor schlubs whose information was stolen? What are they supposed to do? Well, there was the usual advice from the National Consumers League and others.

People should be more suspicious than usual of email from unknown people — bad guys use email to launch phishing attacks. Don’t open messages from anyone you don’t know; don’t click on links in email unless you’re sure where it will take you (hover over the link to see if the URL looks legit); don’t respond to odd email if you happen to open it. Stop reusing passwords across sites or, better yet, get a password manager. Use two-factor authentication. Yaddayaddayadda.

If you suspect credit card fraud, get your credit reports or credit score updates (Credit Karma is a good and free service), although, as NBC reported, the credit agencies will not catch medical identity theft. In that scenario, a person’s purloined medical ID number could be used at hospitals, ERs and pharmacies to get care and drugs, “racking up charges and wrecking victims’ medical records.”

The best way to detect medical ID theft is to scrupulously check your Explanation of Benefits documents each and every time. And make sure to shred all medical documents.

At this point, given all the breaches at Target, Home Depot, JPMorgan Chase and now Anthem, it’s probably safe to assume that some of your information is already “out there,” so do as much as you can yourself to protect your assets. No vendor is going to do it for you.

Another big data breach, this time at insurance company Anthem

Anthem, the nation’s second largest insurance provider, was hit by hackers who stole lots of customer data including names, birth dates, medical IDs, social security numbers, snail-mail and e-mail addresses, and employment information — but allegedly no credit card or medical information, the company said. Although with all that other information out there, that may not be much comfort.

In a letter to customers, Anthem CEO Joseph Swedish acknowledged that his own information was stolen but said there is no evidence that credit card or medical information was compromised. Anthem, formerly known as Wellpoint, posted more information here for customers.

Little is known about which of the company’s databases or applications were hijacked, but Anthem said all of its businesses were affected. And there was the usual butt-covering: Swedish said the company “immediately made every effort to close the security vulnerability, contacted the FBI and began fully cooperating with their investigation.” Anthem also characterized the breach as a result of “a very sophisticated external cyber attack.” But, seriously, what else would they say? As a couple wiseguys on Twitter put it: “It’s better than saying you left the front door open.” Or the keys on the visor.

Anthem also said it hired Mandiant, a sort of cybersecurity SWAT team, to assess its systems and recommend solutions. Cybersecurity specialist Brian Krebs has more on the potential impact.

The topic of the breach came up during a call earlier today during which the White House discussed its interim report on big data opportunities with reporters. The gist was that Anthem appeared to have notified authorities within 30 days of finding the problem, which is what the White House would stipulate in bills it is formulating.

The security of healthcare data is of particular concern — and preserving patient privacy was the impetus behind HIPAA and other regulations. But, as Gigaom pointed out earlier this year, that data security may be as much fiction as fact.

Consolidating digital patient data in one place so that a patient or her doctors can access it spells convenience for authorized users, but that data conglomeration also offers a compelling target for bad guys.

At this point it would be natural for a given consumer to feel both spooked and jaded by these security snafus. Last year alone, there were major breaches at Target, Home Depot, and JPMorgan Chase, affecting hundreds of millions of people in aggregate.

Lowe’s adds to its Iris smart home device portfolio

Fans of the Lowe’s Iris smart home platform can now automate their pet doors, garage doors, hoses and window blinds. The hose timer is actually pretty interesting, especially for folks that might not have an irrigation system or just want to water some plants while they are on vacation. The automated blinds will likely also prove popular. Lowe’s has been offering the Iris platform since 2012, and was one of the first DIY providers in this market, but this summer Home Depot has gotten aggressive offering the Wink platform and a variety of other connected devices.

Cree launches an LED bulb for under $10

The LED chip and component maker has launched a line of low-cost LEDs that it thinks could be a game-changer for consumers buying LED bulbs. The cheapest retails for under $10.