Organizations aren’t the only ones tired of data breaches. A class-action lawsuit against health insurer Anthem for their 2015 data breach comes with a hefty approved settlement.
If you’re paying attention to data breaches and their associated costs, you should be familiar with Ponemon’s annual Cost of a Data Breach report. And if you’ve read the report the last few years, one industry has a higher cost than any other – healthcare. At $408, the healthcare industry’s average cost per record breached is more than double the global average of just $148 per record.
With Anthem’s estimate of around 79 million people affected by the data breach, the cost of only $1.45 per record sounds fantastic. But in total, that $115M pill will be pretty tough to swallow.
This settlement serves as a warning. Anthem maintained throughout the lawsuit that it had done no wrong. In fact, Anthem hired cybersecurity consulting firm Mandiant (part of FireEye) to review their systems. Mandiant found that Anthem “had taken reasonable measures prior to the data breach to protect its data and employed a remediation plan resulting in a rapid and effective response to the breach once it was discovered.”
They also found that the source of the breach was – yep, you guessed it – a phishing attack on one of Anthem’s subsidiaries that allowed cybercriminals remote access to at least 90 systems over a period of 11 months.
So, put your organization in Anthem’s shoes.
Do you believe you have “reasonable measures” in place? Even so, it only takes one successful phishing attack to start the chain of events that can lead to a data breach. Users undergoing Security Awareness Training are 37% less likely to fall prey to phishing attacks – that’s a reduction not equaled by security solutions put in place. With organizations largely unprepared for attack in 2018, it’s time to put effective defenses in place that will have a positive impact on your organization’s security posture.
The Data Breach Today site is a great source for budget ammo.