When Do We Say Enough Is Enough?
Recently Anthem Blue Cross Blue Shield announced that the ‘private’ information of up to 80 million customer was stolen. It wasn’t anything about medical history taken, just all their customer’s personal data. You know, the stuff that can be used to fake someone’s identity and make their life a living hell?
If that wasn’t bad enough, they then announced that the information stolen was not encrypted because it is not required by HIPAA.
Nice try Anthem. You can’t get away with trying to blame someone else for YOUR shortcoming in protecting YOUR customer’s information.
You even go so far as to say:[blockquote_with_author author=”Joseph R. Swedish – President & CEO – Anthem”] Safeguarding your personal, financial and medical information is one of our top priorities, and because of that, we have state-of-the-art information security systems to protect your data. However, despite our efforts, Anthem was the target of a very sophisticated external cyber attack… [/blockquote_with_author]
Yet, somehow these ‘state of the art’ information security systems didn’t encrypt the data while it was all consolidated and at rest. You know, the goldmine of data. It is all neatly organized and pulled together into one place for convenience. Turns out it wasn’t just for your convenience.
Since when did a company need an outside source to tell them that they need to properly protect sensitive customer data?
Let’s Make This Easy
Here’s a simple flow chart to help you determine if you should protect customer’s data properly:[divider]
This isn’t rocket-surgery!
Really it isn’t! A lot of database systems out there have options and features already to enable encryption and other protective measures to ensure the data is safe while in motion, and shocking as it may sound, at rest too.If your database system doesn’t have that, there are entire companies committed to providing that protection as a third party tool.
If you are a company that has customers, you need to step up and get a little more pro-active with protecting our information. I’m sure, with all that has been happening as of late, if your website or interfaces wind up going just a little slower because it is secured the majority of your customers would be fine with it.
After all, it’s not like you are rushing to get protective services to the customers in the aftermath. I mean come on! Anthem is snail mailing their customers with details on how to obtain free credit monitoring and identity protection services from them. Nice, but that still leaves plenty of time for the stolen data to be used before the customer can get anything into place.
Is it seriously just about the bottom line?
It sure seems that way. Forget about the customer. Geez, we have 80,000,000 of them! Just get the systems going as fast as possible so that people don’t complain and go to someone else with their money! It’s high time companies start treating us all like humans again, not just numbers stored in an improperly secured database, and to protect their data. Our data.[divider_top]
[content_box color=”#888888″]Chris Bell, SQL Server MVP, MCSE & MCITP, is a 20 year veteran of using Microsoft products & SQL Server to create solutions for businesses, organizations and individuals. Chris speaks, blogs, writes articles and makes media of all kinds regarding SQL Server at WaterOxConsulting.com.
Chris is also the founder of WaterOx Consulting, Inc. which features SQL Server consulting services along with the destination location week-long training series: SQL Summer Camp.
He is the founding president of PASSDC and organizes the annual SQLSaturday in Washington D.C. and Nova Scotia, Canada. Chris frequently speaks at and attends SQL Server events, sharing his passion for all things SQL Server.
In 2012 Chris was a finalist in the worldwide Exceptional DBA competition and in 2014 he received the Microsoft MVP award in recognition of his open sharing of his knowledge with the technical community. His blog is currently syndicated to SQLServerCentral.com and ToadWorld.com[/content_box]