Anthem may have just experienced the largest healthcare data breach in U.S. history, with potentially 80 million individuals at risk from this “very sophisticated external cyber attack,” as Anthem chief executive Joseph Swedish said in a statement. There will be months of analysis, debate, and proposed legislation as a result of the breach. But there is, already, a silver lining: Anthem’s quick and (from all present accounts) thorough response provides a worthy example for organizations of every stripe to follow.
Unlike previous major breaches, the public did not learn of this one because a third party had informed Anthem it had been breached. According to the FBI, Anthem notified the agency “promptly” and the FBI is currently investigating with Anthem’s full cooperation. Media received notice and broadcast news of the breach globally within minutes. Privacy and security professionals (including Taft) quickly sent out messages on how potential victims should protect themselves. Anthem quickly established it would provide credit monitoring services for those affected and also set up a website to keep its customers informed on further developments.
Such quick and decisive actions in a crisis come from well-crafted and thoroughly tested plans. This is the silver lining: a chance for businesses to see the impact of a solid breach response plan in action. With nearly one quarter of the U.S. population at risk, the news coverage today has been far less about Anthem than about other events like net neutrality. There will be other cybersecurity incidents. If your organization is next, do you have a tested plan to handle the investigation, contact authorities, manage media relations, communicate with customers and investors, and so much more?