The recent cyber attack on the Office of Personnel Management (OPM), which affected the personal information of four million past and present government employees, has been linked to a spate of recent HIPAA breaches. Bloomberg reports that, according to a security expert, “Forensic evidence indicates that the group of hackers responsible for the U.S. government breach announced Thursday likely carried out attacks on health-insurance providers Anthem Inc. and Premera Blue Cross that were reported earlier this year”.
An anonymous intelligence official added that “The thefts are thought to be part of a broader effort by Chinese hackers to obtain health-care records and other personal information stored on millions of U.S. government employees and contractors from various sources, including insurers, government agencies and federal contractors”.
Anthem and Premera Blue Cross
The data breach that hit Anthem earlier this year affected up to 78.8 million people, many of whom had no relationship with the insurer. Premera’s breach affected 11 million records. So far this year, nearly 125 million health care records have been reported as affected by data breaches.
HIPAA-covered entities, government departments, private enterprises, and other corporations concerned about data security should implement an information security management system (ISMS), as specified by the international best-practice standard ISO 27001.
By virtue of its all-inclusive approach, ISO 27001 encapsulates the information security elements of HIPAA by providing an auditable ISMS designed for continual improvement. Organizations can also achieve compliance with a host of other related legislative frameworks simply by achieving ISO 27001 registration. In addition to this, the external validation offered by ISO 27001 registration is likely to improve an organization’s cybersecurity posture while providing a higher level of confidence to customers and stakeholders – essential for securing certain global and government contracts.
IT Governance’s ISO 27001 Packaged Solutions provide fixed-price ISO 27001 implementation resources and consultancy support for all organizations, whatever their size, sector, or location, from under $600.