Analysis: Did Anthem's Security 'Certification' Have Value?

October 23, 2018 Mayuri Kumar

Health insurer Anthem announced in September 2013 that it had been certified as compliant with the HITRUST Common Security Framework. Then it revealed in February 2015 that it had fallen victim to a breach that exposed data on nearly 79 million individuals. And in a report released last week, federal regulators said the cyberattackers likely began their intrusions in February 2014, about five months after the insurer achieved HITRUST certification.

Now that the insurer has agreed to a record $16 million HIPAA settlement with federal regulators, who spelled out in detail the company's security shortcomings - including the lack of a risk assessment - it's worth scrutinizing the value of adopting a security framework.

Read David Finn's comments here
