WaveCrashingThe Anthem breach sent alarm waves through the health care industry and the employer health plan community. With 78.8 million affected individuals for Anthem and 11 million for the companion breach of Premera Blue Cross, the combined size ranks among the largest data breaches in history.

The Anthem and Premera breaches signal a sea change in the threat environment for health plans, a new reality that requires a fresh look at data security. Prudent employers with group health plans should take that fresh look now, by strengthening the data security provisions in their business associate agreements (BAAs) with third-party plan administrators, and also by updating their HIPAA-required security risk assessments.
Continue Reading Data Security for Employer Health Plans Post-Anthem

By now you have probably heard about the ongoing FIN4 cyber attacks on publicly traded entities in the healthcare and pharmaceutical industries. If not, here’s a brief recap.

On Sunday, Nov. 30, security consulting firm FireEye published a report on the current hacking efforts of a group dubbed FIN4. FIN4 has targeted more than 100 organizations, 68 percent of them publicly traded healthcare and pharmaceutical companies, stealing non-public information for illicit trading advantage. Additional targets include law firm partners and M&A consultants privy to proprietary information on imminent merger and acquisition transactions or other non-public, market-moving developments.
Continue Reading Data security lessons learned from FIN4 cyber attacks