Are Your Insurance Records a Hacker's Delight?

Topics: Financial Services Records and Information Management

Retailers are ripe targets for cybercriminals. However, they're now shifting their attention to insurers. Recent data heists at two medical insurance companies demonstrate both the vulnerability and value of electronic insurance records. According to estimates, criminals accessed 90 million records during the breaches.

Insurance Data: Why Is It So Appealing?

The two recent attacks are not isolated incidents. Based on one estimate, medical identity theft has nearly doubled in the past year—from 1.4 million adult victims to 2.3 million. And each of these incidents comes with long-lasting repercussions. For example, after one mother had an Oxycontin prescription taken out in her newborn's name, it remained on the child's medical records for another 10 years.

What makes insurance records so attractive to cybercriminals? For starters, they're a one-stop source of the personal information (name, date of birth, social security number, etc.) a thief needs to generate fake identities. The black-market value of this data is further elevated by the inclusion of medical histories; with such detailed information in hand, a criminal can impersonate a patient and file a false claim or obtain medications.

Choosing a Data Security Partner: What to Look For

What can you do to deter this new menace to your insurance records? For starters, review the National Association of Insurance Commissioners (NAIC)'s recommended data security measures. If a review of these best practices reveals gaps in your firm's current capabilities, consider engaging an experienced partner.

Here are some qualities to consider if you're looking for a vendor.

Adaptable databases. You want to be certain that your data is securely stored and easily accessible. A flexible partner should be able to handle all types of data storage formats—paper, tape, disk or cloud.

Strong security and private access. Look for a safe, cost-effective archival service that ensures you have a backup in the event of a disaster or disruption. A protected partner's network will have multi-tiered firewalls and anti-malware software. In addition, a vendor should encrypt any data in transit and require multi-factor authentication to access or upload files.

Device disposal. By law, companies must ensure that any forms containing health information are deleted in a manner that renders them unreadable, indecipherable and incapable of being reconstructed. You've probably considered how to destroy your data files, but what about the hardware that holds them? A trusted partner should have an e-waste disposition service that erases all data from a unit before it is responsibly disposed of or resold.

Employee education. You probably have protocols covering employee use of technology, but are your workers following the rules? If not, you can hire a third party to help review your policies and educate your employees on how to abide by them. Many hacks occur because an employee opens an infected email or text, so ensuring that your colleagues consider before clicking can dramatically decrease the chances of a breach.

While hackers will always develop new methods to access confidential information, you can prevail against these threats. When you engage a partner that has a proven track record in the secure storage and destruction of electronic and paper insurance records, you'll ensure your company can avoid any embarrassing breaches and keep data criminals out of your files.


Digital Record Center® for Images
Digital Record Center® for Images

For many companies, an in-house digital image repository is cost-prohibitive. That’s why they turn to Iron Mountain. Our Digital Record Center® for Images delivers the benefits of an outsourced digital archival solution backed by the unmatched records and information management expertise of the Iron Mountain team.

Knowledge Center
Knowledge Center

Are you an information professional who wants to enhance, or start-up, a records and information management or information governance program? Take advantage of our proven practices and new thinking to convert knowledge to action.