Premera Blue Cross today just announced a major data breach affecting 11 million people in Washington, Oregon and Alaska. It also affects other Blue Cross members that got treatments at their facilities.
The information stolen is very serious and can enable identity theft.
I’ve got more information on the Trend Micro blog here.
My latest posting over at Geekwire is my analysis and commentary on why Hillary Clinton using a “homebrew” email server is a major security problem.
I had a chance recently to talk with reporters from the Associated Press and the Hill about the recent Anthem data breach and what that means for online security and privacy for healthcare and what people need to know about it.
Is your doctor’s office the most dangerous place for data?
Anthem hack raises ObamaCare concerns
One of my areas of speciality and focus has been managing data security and privacy crises.
So it’s been an interesting month to watch with three different incidents:
- The Epsilon data breach which saw the loss of customer names and email addresses for over thirty of Epsilon’s clients.
- The Apple iPhone tracking issue.
- The Sony PlayStation Network (PSN) outage and data breach.
While these issues affect different companies and different industries, all three major incidents are similar in terms of the shortcomings of their crisis communications response. In all three cases, there is a distinct lack of simple, clear, proactive, authoritative information coming from the affected companies.
With Sony it’s a slow, seemingly grudging response. With Apple it’s a backpedaling response with a hint of “you don’t understand”. And with Epsilon and its clients, it’s an uncoordinated, scattered and confusing response.
All three situations are bigger crises and bigger hits to reputation than they needed to be and that’s because of how the communication has been handled (or not). In fact, in the case of Sony, they’ve managed to obscure the fact that they’re doing the right thing from a technical point of view with their communications. There’s a lost opportunity there for them to get credit for a good technical response.
There’s a lot that can be analyzed with each of these situations but at a high-level, it’s good to take a step back and notice that there’s a trend here towards poor communications around data privacy incidents taking shape.