Anthem Hack: Lessons For IT Leaders
This is actually the first time I'm hearing about this. No surprise that it's headline news, considering who's involved, but it's much appreciated to have a more sober take that covers all the bases rather than the overly sensationalized versions that are likely to pop up most places. As the linked article in defense of non-encryption points out, the public doesn't really understand encryption (in fact, even many seasoned IT pros really don't), but it sounds good to say someone dropped the ball by not doing it. I'm the first one to question whether we really need comprehensive security measures on every piece of data at every company - that said, I'll always temper that point by saying something like 'unless you're in a highly sensitive field'. Healthcare is certainly on that list of sensitive fields.
That said, the smart money knows that IT security is a war of mitigation, not prevention. A breach is going to happen to everyone sometime, no matter how thorough your protection is. It's how you deal with the fallout, how quick your recovery is, and how you prepare for next time that count. Again, in this regard, Anthem earns some points. It looks like they're already offering customers free support for potential financial issues, and as you point out, they notified the FBI immediately. Still, the full extent of their future plans remains to be seen, and who knows how much of that trust they'll be able to regain. I don't know whether the multitude of recent breaches should be a wakeup call that we need stricter regulations, a wakeup call that these breaches are a fact of life, or both.