The hack of 80 million accounts held by Anthem Healthcare included subsidiaries which you have heard of, such as Anthem Blue Cross, Anthem Blue Cross and Blue Shield, Blue Cross and Blue Shield of Georgia, Empire Blue Cross and Blue Shield, Amerigroup (which includes TennCare), Caremore, Unicare, Healthlink, DeCare Health. In my opinion, this breach was not just tragic; Anthem’s lack of security was criminal. I do not use that term rhetorically.
This represents one quarter of the people in the U.S. and millions of children who will be dealing with this breach their entire lives. The information taken from Anthem was not even encrypted. It was all stored in plain text for the bad guys to read. Is that because encryption is hard to do? No, you have encryption on your $100.00 smartphone. It is a combination of arrogance and laziness. Since there is no penalty for losing your information there is no incentive to protect it. That has to change. We need to create incentives for corporations to do the right thing. I hope all 80 million people whose information was stolen will sue Anthem so there is a financial incentive to do the right thing. The down side of that solution is that the company will just pass the fines on to their customers. I believe that corporations will not protect consumers unless there is jail time for those who don’t. What I really want is for some zealous prosecutor to find a theory that makes Anthem’s officers criminally responsible for the losses. Jail time might prove to be the best incentive.
Thousands of breaches take place every year. Most are never reported because money was not taken. But think about it, which is more valuable, a credit card number that can be cancelled after a few transactions or a heart transplant? If you were a bad guy would you rather gain access to a person’s bank account with a paycheck or two in it or would you rather gain access to their pension fund?
I have said this many times in this column but I want to repeat it. Your information is not being protected. HIPPA laws say your dentist can’t share your medical information with another dentist without your permission but no one prosecutes them for leaving it all out in file folders in public areas. We are discovering daily that everything about us is stored in unencrypted files in government and corporate computers. Unless the public demands changes from the people who hold this information nothing is likely to change. Somebody really needs to go to jail.
If you have any feedback about this column, suggestions about a topic you would like me to discuss or want me to come do a free identity theft seminar at your church or social club you can contact me at JimEastinLS.com.