Anthem, the nation’s second largest health insurer, announced that the personal information of approximately 80 million customers and employees, including its chief executive, was the subject of a “very sophisticated external cyberattack.” The information accessed included names, Social Security numbers, birthdays, physical and email addresses, and employment information, including income data. While the Anthem cyberattack will likely go down as the largest breach of a healthcare company to date, it illustrates the need for healthcare organizations to adopt HIPAA compliant cloud solutions.
Credit should be given to Anthem for reacting swiftly to the breach which was first detected last week. Based on its ongoing investigation with the Federal Bureau of Investigation (FBI), Anthem said that no credit card information had been stolen. It didn’t believe medical information such as insurance claims or test results were compromised, or that any hospital or doctor information was taken. However, the hackers took something more valuable.
Social security numbers are particularly coveted by hackers. As HOSTING’s Chief Information Security Officer Johan Hybinette discussed in his recent blog post, Safeguarding Your Protected Health Information, combinations of Social Security numbers, birth dates and names are more valuable on the black market than even credit card numbers. Hackers with access to this information can leverage it to fill illegal drug prescriptions, submit fraudulent medical claims, and obtain lines of credit.
The Explosion of Healthcare Data
According to research from IDC Health Insights, the volume of healthcare data is increasing at a staggering rate. In 2013, healthcare data reached an estimated 153 exabytes. At projected growth rates, that figure will increase to 2,314 exabytes by 2020. Healthcare CIOs, already concerned with meeting security requirements as prescribed by the Health Insurance Portability and Accountability Act (HIPAA) are turning to HIPAA compliant cloud storage solutions such as those offered by HOSTING.
HOSTING HIPAA Compliant Solutions
HOSTING Healthcare Cloud™
HOSTING Healthcare Cloud™ is a suite of HIPAA compliant solutions that enables healthcare organizations to share and manage data in a secure cloud environment. Multiple security layers are specifically designed to protect sensitive data such as electronic medical records (EMRs), and electronic protected health information (ePHI). Created to exceed HIPAA compliance regulations for the protection and accessibility of critical data assets, the HOSTING Healthcare Cloud™ ensures that information remains secure and accessible to authorized healthcare providers 24 x 7 x 365.
HOSTING Healthcare Archive™
A key component of our healthcare cloud is the HOSTING Healthcare Archive™, a clear, intelligent solution for healthcare organizations to securely store, manage and share images, reports and other content in the cloud. The vendor-neutral solution provides healthcare organizations with a centralized, cloud-based archive that is fully compliant with HIPAA OCR, HITRUST and PCI audit protocols.
HOSTING Cloud Desktop™
In response to the increasing use of mobile devices by healthcare personnel, the HOSTING Healthcare Cloud™ also includes the HOSTING Cloud Desktop™. Based on virtual desktop infrastructure (VDI) technology, the HOSTING Cloud Desktop provides healthcare personnel with roaming access to medical applications and patient information. PHI is stored in the healthcare cloud instead of distributed on PC’s, laptops, tablets and smartphones throughout the facility. Our cloud desktop simplifies compliance with HIPAA and HITECH regulations by streamlining device management and fully controlling the way data is stored within a secure data center.
While other cloud providers stop at offering cloud security solutions, the HOSTING Healthcare Cloud™ includes the following features as part of our cloud recovery service.
Disaster recovery plans
The HOSTING Cloud Recovery Service transparently replicates an organization’s entire operating environment – including applications and data – to any of our six strategically located data centers.
Emergency mode operations plans
HOSTING understands that a predictable and rapid execution of a pre-determined recovery plan is an essential component of any cloud solution. We provide development, maintenance and ongoing testing of an organization’s recovery plan, backed by an execution-time service level agreement (SLA).
Testing and revision procedures
The HOSTING Healthcare Cloud™ enables organizations to test and revise contingency plans without interruption to their normal business operations. Our customers can initiate failover tests at any time via the HOSTING Customer Portal™.
HOSTING HIPAA Compliance Dashboard™
Every regulatory obligation under HIPAA and HITECH and the draft HHS OCR Audit Protocols are outlined in this proprietary dashboard. Customers are able to track and manage their own compliance objectives – even for systems and components outside the hosted solution.
Keeping ahead of the hackers – many of whom are based overseas – is a challenge for organizations of any size. HOSTING can help. Download the HOSTING Guide to HIPAA Compliant Solutions in the Cloud or contact us directly for more information.
Anthem has set up a website, www.AnthemFacts.com and a toll-free number, 1-877-263-7995, to respond to any questions. The company said that it would provide free identity repair services and credit monitoring.