The 2015 Anthem data breach affected 79 million people and was the largest health-care data breach in U.S. history. The affected consumers sued Anthem in a case that settled for a record $115 million. Now the U.S. Dept. of Health and Human Services’ Office of Civil Rights has reached a settlement with Anthem for a record $16 million — an amount that is almost three times the next-largest OCR data breach settlement of $5.55 million.
While these numbers are interesting, what is the takeaway for business leaders?
It all started with an employee opening and responding to a phishing email:
Anthem discovered cyber-attackers had infiltrated their system through spear phishing emails sent to an Anthem subsidiary after at least one employee responded to the malicious email and opened the door to further attacks. (HHS Press Release)
While this may be shocking, it is neither new nor unexpected. Most cyber incidents are a result of failures of basic cyber hygiene, not super sophisticated James Bond-like attacks. Read more about this in 1 Step to Improve Your Company’s Cybersecurity Today.