Before any big event, it makes good sense to practice ahead of time to make sure everything runs smoothly. The more you rehearse, the more thoroughly everyone involved knows their roles and responsibilities, and can plan for every possible scenario.
Weddings, theatrical performances, speeches, school or work presentations—everyone would likely agree that practice makes perfect when it comes to prepping for an event.
Even if it’s an event you DON’T want to happen.
Cyberattacks/data breaches have impacted almost all industries in recent years, from Target and Equifax, to most recently, Panera and the diet and exercise tracking app MyFitnessPal. In 2015, Anthem Blue Cross and Blue Shield, one of the country’s largest health insurers, experienced a data breach impacting 80 million individuals.
Blue Cross and Blue Shield of Nebraska takes safeguarding our members’ protected health information very seriously. Using industry best practices, we have developed and put in place comprehensive policies and procedures to keep the sensitive information we maintain safe and secure.
But what if? Part of having a strong plan in place is also knowing exactly what to do in case something does go wrong. That’s why, despite having numerous safeguards in place to keep member information secure, we practice on a regular basis what we would do if our data was compromised.
Recently, with the help of our security response vendor, we conducted a simulation of a sophisticated cyberattack to put our training to the test.
“We have strong processes in place and a strong team that’s focused on data security,” said Kerry Kremke, BCBSNE’s director of Information Assurance and chief security officer. “However, it’s important not to take anything for granted. The more you practice an activity, the better the results. These simulations help us improve our performance and strengthen our processes.”
Jennifer Richardson, vice president of Compliance and Ethics, agreed. “In today’s environment, it’s more critical than ever that we remain diligent in protecting our members’ information against a potential hack,” she said. “These exercises mimic ‘real world situations’ that allow us to review and refine our data security measures and practice the steps that would need to be taken to swiftly and efficiently address the situation and communicate with our customers and other key stakeholders.”
In the event of a cyberattack or data breach, communication plays a key role in resolving the issue and protecting impacted individuals from harm. Members and other key stakeholders such as employers, brokers, providers and our own employees, need to be kept informed and clear on what we’re doing to protect them and also what they need to do.
Health care data can be more valuable than credit card information because it includes Social Security Numbers, birthdates, addresses, claims data and employment information. According to a Modern Healthcare article, a complete medical record can sell for more than $1,000 on the dark web. The information can be used for fraudulent billing and prescriptions, but also to steal identities.
While they hope never to have to put the plans and activities they practice into action, Kremke said BCBSNE’s Incident Response Team’s regular cyberattack simulations help ensure the company is ready to address any situation.
“The bad news is that cyberattackers continue to grow bolder and more sophisticated,” Kremke said. “The good news is that BCBSNE remains vigilant and prepared to defend our members’ health information from misuse.”