Secure File Sharing for Insurance Companies: Protecting Consumer Privacy
Secure file sharing for insurance companies is an industry requirement. This post explains why.
Insurance companies are facing two big challenges, and both have to do with information. The first challenge is making information available to an increasingly mobile workforce, despite the fact that it is distributed across multiple data silos. The second challenge is secure file sharing—keeping personally identifiable information (PII) and protected health information (PHI) safe from malicious or careless insiders and dangerous outsiders, like hackers and criminal syndicates. In an earlier post, we addressed the first challenge. In this blog post, we will focus on the second challenge.
Why Secure File Sharing for Insurance Companies is Needed
The headlines tell the story: data breaches are common and costly. Along with retailers and hospitals, insurance companies are under attack from hackers and criminal syndicates. Successful data breaches against insurance companies have yielded private data on hundreds of millions of consumers and led to regulatory penalties and costly lawsuits. In a few cases, hackers did not have to break into insurance company networks at all. Instead, security lapses exposed unencrypted data to the public.
Here are some recent examples of what happens when secure file sharing for insurance companies breaks down:
- When hackers breached Anthem’s network using a simple password hack, they were able to steal unencrypted PII for 8 million current and previous customers and employees. The breach, which affected approximately one in four Americans, was the largest in healthcare history. Mitigation costs are projected to exceed $100 million—the amount covered by the company’s data security insurance through AIG. The company is still facing a fine that could reach $1.5 million for violating the data security rule of the Health Insurance Portability and Accountability Act (HIPAA). In addition, several class action lawsuits are pending. They could end up costing the company billions of dollars.
- Centene Corporation lost six unencrypted disk drives cumulatively storing customer records for approximately 950,000 members. Announcing the loss in January 2016, the company noted that the disk drives “contained the personal health information of certain individuals who received laboratory services from 2009-2015 including name, address, date of birth, Social Security number, member ID number and health information.” The company is offering free healthcare and credit monitoring to consumers affected by the breach. Regulatory investigations are pending.
- Excellus Blue Cross Blue Shield was likely breached sometime in 2013. Over the next two years, hackers stole PII belonging to over 10 million consumers, including some Social Security numbers and credit card information. Information about the cost of the breach is still pending. The Ponemon Institute has estimated that the typical cost of a data breach in the healthcare industry is $363 per record. Were this estimate to apply to the Excellus breach, the total cost could approach $4 billion.
- Premera Blue Cross Blue Shield was hit by a data breach affecting 11 million customers, the company announced in March 2015. For the previous year, hackers may have had access to “claims data, including clinical information, along with banking account numbers, Social Security numbers, birth dates and other data.” The breach was the largest to date involving patient records.
- WellPoint failed to protect over 600,000 medical records from Internet access. For violating the HIPAA Security Rule, the U.S. Department of Health and Human Services (HHS) fined the company $1.7 million.
- Zurich Insurance lost an unencrypted backup tape containing PII for 46,000 customers in 2010. The UK Information Commissioner’s Office (ICO) fined the company £2,000,000, then the Financial Services Authority hit the company with a separate fine of £2,275,000.
The risks here are obvious. Hackers are targeting insurers for valuable PII. On the black market, healthcare records now sell for 10-20 times the value of stolen credit card records, in part because EMV technology is making credit card fraud more difficult to perpetrate.
But secure file sharing for insurance companies can break down even without hackers. Removable media like the unencrypted disk drives used by Centene Corporation create their own content security risks. In its annual report on data breaches, Verizon noted 9,701 incidents of laptops, backup tapes, or other media being lost or stolen in 2015. The problem is most widespread in government and healthcare.
Clearly, a redoubling of efforts is needed in order to achieve secure file sharing for insurance companies. Strengthening password protection, encrypting data, using secure cloud storage instead of removable media—these and other security best practices would significantly bolster secure file sharing for insurance companies.
The Accellion secure file sharing and governance platform enables secure file sharing for insurance companies.
With the Accellion platform, insurance companies protect PII and other content from costly data breaches by enforcing state-of-the-art security controls to protect PII wherever it is—in the cloud, in transit, on a desktop, laptop, tablet or mobile device.
More than 15 million business users and 2,500 of the world’s leading enterprises—including insurance companies such as OneAmerica, AAA, Marsh & McLennan, Kaiser Permanente, Tower Group, Chubb, and many more—trust Accellion to securely share PII and other sensitive information with external partners, from any location, using any device.
To help address the challenges of secure file sharing for insurance companies, the Accellion platform provides:
- Encryption in transit and at rest
- Encryption key ownership
- FIPS 140-2 certification
- Integration with SSO, LDAP/AD, DLP, ATP, SIEM, and MFA/2FA
- Virtual hardened appliance
- On-premise, private, hybrid, or hosted deployment options
- No vendor access to content or metadata
- Embedded anti-virus (AV) and native 2FA
The risk of data breaches will continue. And enterprises of all sizes will continue feeling the pressure to secure their most sensitive information while increasing productivity and operational efficiency.
Accellion addresses both these challenges.