Another health insurance data breach

The latest cyber-attack south of the border could affect 1.1 million customers, with insurers now potentially a top target for hackers.

Insurers are again on high alert after CareFirst became the third health player this year to admit hackers had breached its systems and potentially gained access to customer information.

“It’s such an attractive target and it’s a soft target and one not traditionally well protected,” Austin Berglas, head of online investigations in the United States and incident response for K2 Intelligence and a former top agent with the FBI, said to the New York Times.

“A nation state might be looking at pulling out medical information or simply looking to get a foothold, which they can use as a testing ground for tools to infiltrate other sectors.”

Hackers see health insurers as such attractive targets because they maintain such a wealth of consumer’s personal information.

The attacks have escalated in recent years said Dr. Larry Ponemon, the chairman of Ponemon Institute, which studies security breaches in health care.

“A lot of health-care organizations have been historically laggards for security,” he told the Times, adding many insurers have only taken small steps, not “huge leaps,” in safeguarding their systems.

Earlier this year, much larger hackings took place at Anthem and Premera where 79 million customers and up to 11 million customer records were accessed respectively.

North of the border, at least one of Canada’s largest life insurers is well aware of the potential damage a cyber-attack could have and is taking steps to prevent it.

“What we’ve done at Foresters and all our business units is we’ve gone to third party companies that will actually test your systems,” said Tony Garcia, the company’s president and CEO. "They’ll attempt to hack in and come back and grade you. While you’re never away from it just being cognizant of it and making sure that your internal processes or in place to mitigate is something that’s top of mind to all of us – not just at the CEO, executive level but for the boards of these organizations.”