[ Wednesday, February 24, 2016 ]
Jeff [2:12 PM]
There's still a long way to go on encrypting healthcare data, says the (extremely photogenic, by the way) California AG. She's right, but this article goes straight to Anthem as an example of the hack targeting unencrypted data. It did, but the hack was a very successful phishing attack against the IT department, and the hackers obtained administrator credentials, so even if every drop of data was encrypted, the hackers had the decryption keys. (To her credit, AG Harris only mentions Anthem when listing the largest hacks and does not single them out regarding encryption.)
To some extent that doesn't matter: the health industry really should adopt widespread encryption at a much higher rate, for the simple reason that if you have an accidental breach or employee error (which still account for a much higher rate of incidents than anything else), you can simply avoid the reporting requirements, and the public spectacle, potential lawsuits, and fines, if the lost data is encrypted.