Since health insurance company Anthem announced that it had been hacked, more speculation about the possible digital security ramifications has emerged. An existing employee password is believed to have been used as part of the breach, and because of the large amount of entities and individuals affected, there could be a new interest in creating more safeguards for computer systems beyond the traditional password login system.
Anthem was intentionally chosen by the hackers responsible, and it represents other subsidiaries like Anthem Blue Cross and Blue Shield and Amerigroup, as FierceHealthIT reports. The lackluster protection extends to the records themselves, which reportedly weren't encrypted, leaving them especially vulnerable.
TIME Magazine spoke to Benjamin Lawsky of the New York Department of Financial Services, who is using the Anthem breach as an example of why the current methods of protecting important digital information are not sufficient.
"Anthem is a wake-up call to the insurance sector really showing that there is a huge potential vulnerability here," he told the source. Later, he lamented that "it is just too easy, whether through basic hacking or through phishing or stealing basic information, for hackers to get a password and a user name and then to get into a system."
Lawsky reportedly is campaigning for a multi-factor password process, which would require more than one source of input, including an electronic device, for logon to be successful. In theory, this would limit the damage that a hacker can do to a network with just one static piece of data, like a password.
When patient and provider security are both at risk, the need for high security compliance grows even more pressing. For help with this and other medical IT-related improvement plans, practices need healthcare IT consulting firms on their side.