Friday, April 17, 2015

Anthem Data Breach


Computer crime, also known as cyber crime, is one of the fastest growing segments of crime in the world. Global cyber crime costs approximately 100 billion dollars every year and affects about 556 million people. The medical field has the highest percentage of security breaches with 38.9% and business is the next highest at 35.1% (Go Gulf, 2015). These crimes may range from illegally copying software to stealing millions of consumers’ personal information for financial gain. An organization is always at risk for cyber crime and must work diligently to ensure that its cyber security is a top priority. Security accounts for approximately 6 to 8% of the IT budget for companies in the US (O’Brien & Marakas, 2011).

In February 2015, personal account information was stolen from approximately 80 million customers of Anthem, one of the country’s largest health insurers. This personal information included names, birthdays, Social Security numbers, mailing addresses, e-mail addresses, income data, and employment information; no medical or credit card information was accessed. According to Anthem president and CEO Joseph Swedish, it was a complex cyber attack originating from an external source. Security experts involved in the investigation of the incident state that the attack looks very similar to other attacks launched by a Chinese cyber espionage group known as “Deep Panda.” This name was given to the group by the security firm, Crowdstrike. The following graphic, the ScanBox Framework, was created by Crowdstrike and illustrates servers and tools that have been used in the past by “Deep Panda” in several other cyber attacks. (Krebs, 2015)


After learning of the security breach, Anthem contacted the FBI and hired a security company to evaluate all aspects of their security. The company then contacted their customers and set up a website to provide them with more information. (Weise, 2015) This attack ranks among the largest in recent cyber attacks. (Mathews & Yadron, 2015)




There are several points to consider regarding Anthem’s failure to protect this information. Two of the steps for preventing a data breach are to continuously monitor for the leakage or loss of sensitive information and to periodically test and check information security controls. (US Department of Education, 2012) The Office of Inspector General (OIG) of the federal Office of Personnel Management performs audits on various health insurers that provide health plans to federal employees. Less than a month following the attack, the OIG stated that Anthem refused to allow the agency to perform “standard vulnerability scan and configuration compliance tests” on their systems. Anthem also denied a similar request in 2013. In both instances, the company stated that ‘company policy’ was the reason for the refusal. (McGee, 2015) It is interesting to note that the investigation of the security breach revealed that the hackers may have begun accessing Anthem data as early as nine months prior to the company’s report of the attack. (Krebs, 2015) In addition, Anthem’s data was not encrypted. Encryption of data is an important method used in cyber security. This method uses mathematical algorithms to transform digital data into scrambled codes. Although the law does not require companies to use encryption with critical data, it should have been an additional step utilized by Anthem to protect their system. (Kern, 2015) (O’Brien & Marakas, 2011)

Although there were steps that Anthem did not take to prevent the attacks, the company did respond correctly by notifying the affected customers quickly. Federal law requires healthcare companies to inform consumers if they have a data breach involving personal information, but they have up to 60 days after discovery of the attack to do so. (Mathews & Yadron, 2015) A website was created to educate their customers and they offered those affected free credit monitoring and identity theft protection services. They also contacted the FBI immediately and hired an independent security monitoring company to evaluate their system. It is important to act swiftly in this situation because hackers are able to destroy evidence once they are aware they are under investigation. (Weise, 2015)

The financial consequences of the data breach may reach more than 100 million dollars. Anthem’s cyberinsurance policy covered losses up to 100 million; however, with 80 million affected customers, the amount necessary for notification procedures may have exceeded this amount. (Osborne, 2015) In addition, this amount does not include the losses incurred by the affected customers that may consequently become victims of identity theft.

Cyber crime statistics and trends. (2015). Go Gulf. Retrieved April 17, 2015 from http://www.go-gulf.com/blog/cyber-crime/
Kern, C. (2015, Feb 20). Anthem breach leads to push for encryption legislation. Health IT Outcomes. Retrieved from www.healthitoutcomes.com
Krebs, B. (2015, Feb 9). Anthem breach may have started in April 2014. Krebs on Security. Retrieved April 17, 2015 from www.krebsonsecurity.com

Mathews, A. & Yadron, D. (2015, Feb 14). Health insurer Anthem hit by hackers. Wall Street Journal. Retrieved April 18, 2015 from www.wsj.com

McGee, M. (2015, March 4). Anthem refuses full IT security audit. Gov Info Security. Retrieved from www.govinfosecurity.com

O’Brien, J. & Marakas, G. (2011). Management Information Systems. New York, NY: McGraw-Hill Companies

Osborne, C. (2015, Feb 12). Cost of Anthem’s data breach likely to exceed $100 million. CNET. Retrieved from www.cnet.com

U.S. Department of Education: Privacy Technical Assistance Center. (2012). Data Breach Response Checklist (PTAC-CL). Retrieved April 17, 2015 from www.ptac.ed.gov

Weise, E. (2015, Feb 5). Massive breach at health care company Anthem Inc. USA Today. Retrieved from www.usatoday.com

Saturday, April 11, 2015

IT Strategies for Transnational Organizations




As businesses become more globalized, and companies start branches in international markets, the need grows for developing and employing IT strategies for transnational organizations. Multinational enterprises constantly seek business solutions to the impacts of a saturated domestic market, slowed domestic market growth, increased labor costs, and shortage of specialized labor (Chen, 2005). Transnational Organization Strategy is a management approach wherein a business integrates its global business activities through cooperation between headquarters and international operations (Linton, 2015). In this system, centralized resources, such as global information systems, are key to supporting the strategy. IT systems allow a company to deliver consistent information services to all locations, with higher levels of collaboration, while allowing the individual locations enough flexibility to adapt to their local market conditions.

Business and Information System (IS) executives need to be competent enough to analyze a global strategy from at least five levels: global, regional, national, company, and individual (Chen, 2005). There are a number of advantages to employing these types of strategies. Transnational organizations work with service providers that have the ability to provide global IT and networking services. This is advantageous because working with a single provider reduces the cost, as well as the complexity, of managing various providers from the numerous locations. A single network unit is able to offer the same standard of services and communication resources to each area, while allowing the central operating team to switch resource levels based on demand. The operations team is also able to provide IT resources to new locations quickly and efficiently, without needing to set up and connect to a new network infrastructure.

Internet accessibility is perhaps the biggest challenge faced by companies these days. For instance, a company from the U.S. will have a difficult time corresponding with its foreign branches where a telephone network is not a viable option. Therefore, the idea is to have a global network of networks that communicate smoothly with one another. For example, OASIS has done a great deal to create interoperable industry specifications based on public standards, such as XML and SGML. The global telecommunication industry is another key player in the movement of global information systems. There are four key players: communication providers, distribution providers, content providers, and tools providers. Communication providers include local phone, cellular phone, and other wireless service providers. Distribution providers include broadcast, Internet service providers, and long-distance phone service. Networking devices, such as routers and Ethernet cards, are considered communication hardware, while tools providers are manufacturers and suppliers of these products.

One major example of a company that successfully utilizes transnational IT strategies is Citibank. The company employs over 250,000 employees in over 100 countries. Its e-business initiative to empower local, regional, and global customers to conduct transactions online is an excellent example of the use of information systems and technology to support international business strategy. Strategic alignment is a pivotal part of ensuring that adequate information systems structure is designed to support an international strategy. If not careful, IT may miss this target, unless it relies on the supply of accurate information. Therefore, transnational organizations must constantly evaluate their IT strategies against their business strategy and structure.

Citibank

Moreover, organizations that adopt a transnational IT strategy may improve the efficiency of their supply chain operations by extending the network to authorized suppliers, distributors, and business partners over secure connections (Linton, 2015). In the event of a problem in the supply chain, the availability of global networked resources allows the organizations to bring together other suppliers, in an effort to avoid disruptions to operations.


In conclusion, the importance of strategies to support transnational IT operations cannot be overstated. With the advent of globalization, companies may benefit greatly from developing strategies that support operations not only at home, but abroad as well. “Instead of having independent IS units, or even a centralized IS operation directed from its headquarters, a transnational business tries to develop an integrated and cooperative worldwide hardware, software, and Internet-based architecture for its IT platform” (O’Brien & Marakas, 2011). These strategies are important not only for a company’s local operations, but even more so for its operations beyond borders.

Basu, C. (n.d.). What Is a Transnational Business Strategy? Retrieved April 10, 2015, from http://smallbusiness.chron.com/transnational-business-strategy-20950.html

Linton, I. (n.d.). Transnational IT Operations as a Strategy. Retrieved April 10, 2015, from http://yourbusiness.azcentral.com/transnational-operations-strategy-4238.html

O’Brien, J., & Marakas, G. (2011). Management information systems (10th ed.). New York: McGraw-Hill/Irwin.