Cyber-Attack against Premera Blue Cross Essay Example

almost daily news of enomous cyber incidents. Premera Blue Cross organization which is one of the biggest providers of health insurance in the United States which is based on enrollment, apparently consists of little higher than six million former customers as well as current ones.it goes without saying that the Washington State is one of the affected organizations by this breach ("Premera Hit By Cyberattack; 6 Million In State May Be Affected", 2015)

In a recent update, the major healthcare insurance provider in the United States, Premera Blue Cross,filled a report stating that they had become victims of a internet hacking that had in turn compromised about eleven million records of customer which included their social security numbers, credit card numbers and also some information about the medical conditions of the insured. The impacts of these information hacking are obviously far too- going and could consequently reduce the confidence that the clients be store upon in their insurance service providers in the duty of protecting their personal information and identity.

While the health insurance company, Premera, also incorporated initiatives in rectifying as well as assessing the threat it faced, involving steps such as the incorporation of an executive cybersecurity industry to carry out investigate, however there are still various questions remaining pertaining how such an organization reported disagreement with the Health Insurance Portability as well as the Accountability Act (HIPAA) in May 2014. Nonetheless, people wonder how Primera managed to be the casualties of such a dangerous information hack (cyberattack).additionally, questions of whether the organization really are in short of the necessarily required information security features needed to sense the various form of attack used to alter

the Premera Blue systems have been raised. Then if this was the case how did the regulators who are in charge of system manage not to see this problem? Also, another major question yet to be answered is; were the issues which were identified in the previous year the cause of the security breach? ("Premera Blue Cross Phishing Attack - Redscan", 2015)
The cyber-attack affects primarily the customers of Premera Blue Cross, Connexion Insurance Solutions and also the Premera Blue Cross Blue Shield of Alaska as well as Vivacity. In a report provided by the Premera official’s two hundred and fifty thousand customers of its Life Wise affiliate in Arizona, Washington, and Oregon, as well as Life Wise Assurance also fell victims of the same attack. Additionally, the organization reported that the information hackers might have accessed the clients’ data as from the year 2002. A report on January 2015 stated that in the health care sector, this apparently is the second major cyber-attack in the previous two months. The Anthem company, which are the second-largest United States insurance provider , also reported that it had been a victim of a cyberattack.

In a Report, which the Office of personnel management prepared in the United States on the 28th November 2014, discovered the following possible causes of the breaches that the malicious hackers used to compromise the system.

• The employees of Premera Blue Company were not updating with the security patches for the software’s in the system, therefore making the machines more vulnerable to information hack.
• Also, the Sysadmins was yet to agree on a “fundamental baseline” that was a set of configuration settings to guarantee that

all the Primera machines were to a similar standars as well as secure or of a better standard

Despite these down falls, the Premera Blue insurance organization was however declared fully compliant with HIPAA during the end of the previous year.

The question of whether the issues identified were the main cause of the security forceful entrance especially considering the ways that were suspected which were utilized to breach the company’s systems are raised. The attack is notably indicated as a phishing attack, which might not necessarily be the case that the issues identified above were directly responsible for the phishing attack. Nonetheless the incompetence as well as inflexible nature of the employees of Premera could surely have played a key role in allowing of the attack.
For a phishing attack to be successful, usually two important activities are required

• To begin with, an employee error. For instance, as a result of one of the employees responding to email to a phishing attempt by the hacker.

• Also, there is inadequate security system which can spot swiftly and be identifying malicious Trojans as well as viruses that are often installed on the victim’s machines due to the above original human error.

Oftenly majority of the phishing attacks yields Trojan virus which are installed on the computer of the victim that in turn “dials up” to receive commands from control server as well as a command from the hackers on what to perform thereafter ( Kumar, M. M., Odame et.al 2015)

For preventing the occurrence of such attacks in the future, there is a conjuction of analytic security innovations which might aid large organizations such as Premera Blue health insurance and various

insurance companies, to instantly spot such malicious malware spontaneously it attempts to enter the system environment. For example, at Red Scan Company, a ranged threat detection techniques are used including methods such as log management, vulnerability scanning, IDS, SIEM GTI, sandboxing, local honeypots as well as behavior analysis (Omidiji, T, 2015). Using this type of innovation often enables and rejuvenates the ability for quick solutions of issues and the swift spotting of information assets which may have been hacked. Provided that the Premera Blue organization spent a period of more than six months before fully identifying the cause for the breach, it could evidently seem that the organization had inadequate security innovation that is needed to reduce the effects of the cyberattack of such a nature. This is an evidence that the HIPAA compliance methodology is certainly one for questioning Premera Blue Cross Phishing Attack - Reds can", 2015).

Other measures that the Premera Blue cross-company would have taken to prevent against the successful phasing attack that will no doubt continue to be successful are:
• User training to help improve their employee’s vigilance about suspicious looking emails as well as the attachments which will lower the risk of such a cyber-attack.
• Although one cannot depend fully on this technique of risk prevention. A response strategy for events occurrence in the organization is crucial so as to guarantee that there is a quick solution to the issues and also the spotting of the important information assets hat perhaps may be victims of the attack.
• another key player in reducing the constant attack especially the surface attack is by having a regular update checks as well as troubleshooting

s on the topography of the network so as to strengthen the network and consequently limit the hackers information siphoning.

Conclusion

For an effective a proper information security system for the organization, a technology upgrade to the current system is required. This is done to eliminate the vulnerabilities that may come by the use of outdated technology system (Baskerville, R.1993). However, an enormous budget is associated with putting into place an effective information security plan and program. Also, training of the employees on ways to discover the malicious emails and Trojans is also a key measure in the eradication of cyber –attack threats

References

1. Kumar, M. M., Odame, M. S., & Yeboah, T. (2015). Migration Model for unsecure Database driven Software System to Secure System using Cryptography. health.
2. Omidiji, T. (2015). The Future Challenges of CyberSecurity.
3. Baskerville, R. (1993). Information systems security design methods: implications for information systems development. ACM Computing Surveys (CSUR), 25(4), 375-414.
4. "Premera Blue Cross Phishing Attack - Redscan". Redscan. N.p., 2015. Web. 11 Apr. 2016.
5. "Premera Hit By Cyberattack; 6 Million In State May Be Affected". The Seattle Times. N.p., 2015. Web. 11 Apr. 2016.