Saturday, February 7, 2015

Uh, they could have encrypted the data

Anthem got hacked. 80 million records, good for identity theft, were ripped off. Anthem did not encrypt the data. Why? Oh, there's no standard. There's no government requirement. Hmm, companies only do the right thing when government mandates it? I thought the market took care of this kind of crap. Oops, now you know why we have regulation. Regulation creates a baseline that stupid CEOs have to meet. Government regulation actually helps companies too greedy to run a decent business. Look, given the lack of IT security exposed over the past few years, it seems a rational business, interested in long- and even short-term profitability, would, regardless of the law, encrypt every shred of customer data.

I wonder if Anthem pulled a Pinto. Ford added up the cost of wrongful death lawsuits and compared that figure with the cost of fixing the Pinto (so it would not be a Molotov cocktail on wheels). Ford chose to kill customers. Did Anthem compare the cost of decent data security to the cost of customer data loss and opt to screw their customers? I would not be surprised if they did.

Lack of encryption standard for health insurers raises questions about health care privacy
