Anthem Inc. has been breached again. This time, the data breach affected 18,500 members and their protected health information (PHI). According to the media alert, the Anthem breach was caused by a contractor emailing a file containing a member's personal information to his personal email address in July 2016. On July 24th, Anthem reported the breach to the United States Department of Health and Human Services.
On April 12th of 2017, LaunchPoint Ventures LLC, a contractor working with Anthem, discovered that one of their employees was involved in identity theft activities. LaunchPoint then hired a forensic firm to investigate the matter.
The investigation is still ongoing and it is unclear whether the email was work related or not. The type of information that was in the target file included medical information such as the member's Medicare ID number, social security number, birthdates, names, and date of enrollment. LaunchPoint informed Anthem that it was not sure whether the information was misused or not. Additionally, the employee that committed the act has been terminated by LaunchPoint and is currently incarcerated.
RELATED: Anthem Hack: Our New Reality in the United States
Although this particular breach affected a smaller number of people, it highlights a weakness for insurance companies using third party contractors due to the lack of control in their behavior. To combat this weakness, covered entities and business associates must take more proactive measures to protect their consumer's PHI. A great example of protection services for this is implementing Paubox Suite Plus.
READ MORE: Email DLP can Monitor PHI Being Sent to Personal Accounts
With DLP, you can make sure that no sensitive information (such as credit card information, credit monitoring, health plans, or health care ids) will be leaked via email without prior approval or knowledge, as well as other additional substantial benefits. This information security is crucial in this age of frequent cyber attacks and data breaches, as seen with LaunchPoint and Anthem. You can never be too careful when it comes to data security and identity protection services.