Detailed Report On Cyber Attack In Premera Blue Cross

Question: Discuss about a Report On Cyber Attack In Premera Blue Cross? Answer: Introduction The term Cyber attack refers to as the politically or socially influenced attack, which a person do with the help of Internet. It is also an intentional exploitation of technology-oriented enterprises, computer systems, and networks. The cyber attacker target the national or international organizations and the public, and accordingly they carry out the spreading of the malicious programs, deploys unauthorized web access and fake websites for stealing the personal or organizational information from the targets of attacks. Premera Blue Cross is an important healthcare service provider in the United States which experiences a cyber attack in their organization and due to which they suffer from several unwanted consequences. This report will discuss in short about the background of the company. This report is going to talk about the cyber crime in details. Then it is going to reflect the study of the overall situation that the Premera Blue Cross faced because of Cyber attack in their organization, and a necessary recommendation will be there to overcome such type of exploitation in future. Finally, a conclusion will be there based on the comprehensive report. Background of Premera Blue Cross Premera Blue Cross is headquartered in Mountlake Terrace, Washington, United States. It is an essential healthcare service provider and serving more than 1.9 million people, which includes individuals and families of Fortune 100 employer categories. The primary mission of Premera Blue Cross is giving the best healthcare services to their customers (Gray, Citron Rinehart, 2013). Figure 1: Logo of Premera Blue Cross (Source: Liginlal, 2015, pp 680) Premera Blue Cross is well known as the biggest health plans in the regions of Pacific Northwest, and they are providing tailored and complete healthcare services to their customers staying in Alaska and Washington. The services that Premera Blue Cross are providing comprises of innovative programs relating to the prevention, wellness, patient safety, and disease administration (Clough, 2015). Brief Description of Cyber Attack With the progression of the Internet facilities, the cyber crime is increasing day by day. These cyber crimes include phishing, illegal way of downloading, credit card frauds, scams, cyber terrorism, child pornography, children kidnapping through chat rooms, and distribution of spam and viruses (Halder, Jaishankar Jaishankar, 2012). Cyber attack is a politically or socially enhanced attack that is happening through the Internet. Cyber attack targets the average people or corporate organizations and which occurs due to the spreading of malicious programs, forming fake websites, and various ways of stealing the organizational and personal information through targets of attacks. Cyber crime causes enormous damage to the overall infrastructure of the whole organization (Herr Romanosky, 2015). Cyber attacks can be classified into four different parts, which includes: Targeted Attacks: Targeted attacks are the part of Cyber attacks, which is related to the stealing of information from any particular organization or an individual. It also consists of cyber crime occurring on intellectual assets for the purpose of monetary gain or vandalism (Sahu, Maheshwari Sahu, 2015). Advanced Persistent Threat: It is a type of targeted attack focuses on a particular entity, which is going on persistently and repeatedly with the help of various ways for gaining access to the target. The advanced persistent threat is further divided into the following: Attacks using public websites available in the Internet. Attacks against the users with the help of social engineering of target users by sending some malicious programs. Denial of Service attack: It is the type of cyber attack which focuses on the disruption of the services provided by an individual or organization. Distributed Denial of Service attack: This type of cyber attack is carried out in a distributed environment (Dawson, 2015). Detailed Report on Cyber Attack in Premera Blue Cross On 17th of March, 2015 Premera Blue Cross announced about the cyber attack that happened in their organization. After the initial investigation, the management of Premera Blue Cross came to know that the cyber attackers had implemented a sophisticated attack for gaining the unauthorized access to their Information Technology infrastructure (Luna et al. 2015). The in-depth investigation of Premera Blue Cross revealed that the cyber attackers initially struck on May 5, 2014. The managing director of Premera Blue Cross notified that the FBI is supporting the Bureaus investigation regarding this cyber attack. Premera Blue Cross had also involved Mandiant, which is one of the worlds leading cyber security organizations for performing a comprehensive research on the issues. It also concentrates on the removal of the unwanted malicious programs from the IT systems. Also, with all these steps, Premera Blue Cross also took initiatives and additional actions to cleanse, strengthen, and increase the security of their IT infrastructure (Mutchler Warkentin, 2015). This cyber crime attack damaged the Premera Blue Cross Shield of Alaska, Premera Blue Cross and their connected brands named as Vivacity and Connexion Insurance Solutions. According to the preliminary investigation it was determined that the cyber attackers might have got an unauthorized access to the personal information of members and applicants, and which comprised of members name, addresses, date of birth, email address, telephone numbers, Social Security based numbers, banking details, member identification numbers, claims information, and the clinical based information. This event also affected the members of the other Blue Cross Blue Shield plans those who were opting for getting treatment in Alaska or Washington (Kozminski, 2015). Few individuals had done business with Premera Blue Cross, and they had provided their personal bank account number, email address, and the social security number. Due to this cyber attack incident, they also suffered the same way (Torborg, 2013). After the thorough investigation by those security-providing groups, they were unable to determine whether any data was removed from the systems or not. Premera Blue Cross also had no evidence regarding the inappropriate use of those valuable data. Another group is present known as National Healthcare Information Sharing and Analysis Center, which provides support to share breach information. The ways that the cyber criminals attacked Premera Blue Cross includes the particular type of malware, which was not shared and declassified (Kumar, Odame Yeboah, 2015). Due to the occurrence of this overall critical situation in Premera Blue Cross, they have planned to offer free identity theft protecting services and free credit controlling to all the customers those who were affected due to this unwanted cyber attack. For protecting the personal information of the customers, the Premera Blue Cross also focuses on the implementation of the cyber security firm named as FireEye for removing the infected software from their computing system (Wechsler, 2016). Questions regarding the Cyber-Attack in Premera Blue Cross After the thorough research and investigation about the Cyber-Attack, some issues arose in the minds of the customers and ordinary people who are concern about this cyber attack. What happened at Premera Blue Cross due to this Cyber-Attack? The sophisticated cyber attackers aimed Premera Blue Cross as their target, and they somehow obtained the unauthorized access to their IT infrastructure. The overall investigation was unable to judge whether any data information was removed from their IT systems or not (Williams, 2012). No evidence is there until date regarding the inappropriate usage of data and personal information of the customers. The safety and privacy of their customer's information are the chief concern of Premera Blue Cross, and they are taking preventive measures to overcome this conflict of cybercrime attack (Bocek, 2015). Has the information on the customers been accessed? According to the investigation by FBI and Mandiant, it is evident that the cyber attackers might get the unauthorized access to the personal information of the customers, but they were not sure whether any information was deleted from the IT system or not. Premera Blue Cross understands the situation and mailed letters to all the victims whose information was corrupted because of this cyber attack (McHale Officer, 2015). What information had been accessed by the Cyber Attacker? Depending on the relationship between Premera Blue Cross and the customers, various personal information is available with Premera, which includes name, address, telephone number, date of birth, email ids, social security related number, medical claim data, member identification number and also the banking details. Premera Blue Cross are not involved in storing the credit card information of the members and hence the credit card data does not get affected by this cyber attack (Omidiji, 2015). What is that the customer needs to do for protecting their personal information? Premera does not make unsolicited phone calls or email to their clients in any situation. Therefore, the customers need to be more aware, and they shall not provide their personal information in response to an unsolicited phone call or fake email id. The customers need to review their Explanation of Benefits (EOB) statements after receiving it (Stachel, DeLaHaye, 2015). Was the data encrypted which the cyber attacker accessed? The data of Premera Blue Cross was encrypted but still the cyber attackers got the access to the IT system in an unauthorized manner and obtained all the personal information of the customers (Tschider, 2015). Recommendation to overcome Cyber Attack in future Premera Blue Cross need to follow the proposed recommendations to overcome these types of Cyber attacks in future. The recommendations are as follows: All the Blue Cross and Blue Shield Company need to share and gather only the minimum customer information which is essential to manage the overall process of the healthcare. It will ensure the health professionals with information, tools, and resources for providing the best quality of patient care (Gaughan, 2015). Premera Blue Cross needs to deploy active and context-aware access management mechanism for overcoming the potential damage which occurs due to stealing the network credentials. If any user gets connected to an application or server from an unknown location, then their rights to access those servers need to be removed completely (Cheema, 2015) Premera needs to restrict the access of Personal Health Information to only the authorized users. Not everyone in the organization needs to access the patient records and hence putting some strict controls on the resources and applications of the patients can reduce the cyber attacks in Premera Blue Cross (Liginlal, 2015). Encryption and classification of the personal health information need to be there for bringing security to the information. The data breaches in the organization need to be taken into account for bringing security as the employees fail to work securely, and sometimes they perform some dishonesty activities. Due to this irresponsibility by the employees, the cyber attackers gets the advantage of using the personal information for malicious purposes (Grimm et al. 2015). A context level security such as encryption needs to be there related to applications and networks. High-risk information like personal health information calls is required by the Premera Blue Cross health care organization for bringing a multi-level protection and which in turn create difficult for the hackers to perform the cyber crime (Fenner, G. M. (2013). Log all and track access need to be implemented to the personal health information and in addition to it the chief compliance officer who plays a crucial role in the prevention of cyber attack need to determine and focus on Premera Blue Crosss overall security chain. This particular activity can reduce the vulnerability towards the cyber attack (Kusumanegara, 2015). Conclusion Based on the analysis of the cyber attack issue in Premera Blue Cross it can be concluded that the cyber attack occurs due to political or social influence which a cyber attacker do with the help of Internet facilities. The primary targets of the cyber attacker include the normal public and the national as well as international organizations. The cybercrime is happening due to the responsiveness and dishonesty of the employees working for Premera Blue Cross. This cyber crime attack results in a significant loss to the organization as well as their customers. This report concluded that FBI and a leading cyber security group named Premera Blue Cross performed the thorough investigation to find the actual truth about this attack. They concentrated on the removal of malicious programs from the IT systems of the organization. Due to this cyber attack in Premera Blue Cross, the management of this healthcare organization decided to provide free of cost identity theft protection services and free credit controlling to all the affected customers. Finally, the report brought some recommendations, which will be beneficial for Premera Blue Cross to overcome these conflict situations of cyber attacks. References Bocek, K. (2015). Is HTTPS enough to protect governments?.Network Security,2015(9), 5-8. Cheema, S. P. K. (2015). Grandma Gone Wired: The Pros, Cons, and Alternatives of Medically Monitoring the Elderly.J. Int'l Aging L. Pol'y,8, 211. Clough, J. (2015).Principles of cybercrime. Cambridge University Press. Dawson, M. (Ed.). (2015).New Threats and Countermeasures in Digital Crime and Cyber Terrorism. IGI Global. Fenner, G. M. (2013). Admissibility of Web-Based Evidence, The.Creighton L. Rev.,47, 63. Gaughan, A. J. (2015). A DELICATE BALANCE: LIBERTY AND SECURITY IN THE AGE OF TERRORISM.Drake L. Rev.,63, 1015-1201. Gray, D. C., Citron, D. K., Rinehart, L. C. (2013). Fighting Cyber-Crime After United States v. Jones.Journal of Criminal Law and Criminology,103(3). Grimm, H., Paul, W., Esq, Z., Michael, V., Esq, M., Alexander, W. (2015). Back to the Future: Lorraine v. Markel American Insurance Co. and New Findings on the Admissibility of Electronically Stored Information.Akron Law Review,42(2), 2. Halder, D., Jaishankar, K., Jaishankar, K. (2012).Cyber crime and the victimization of women: laws, rights and regulations. Information Science Reference. Herr, T., Romanosky, S. (2015). Cyber Crime: Security Under Scarce Resources.American Foreign Policy Council Defense Technology Program Brief, (11). Kozminski, K. G. (2015). Biosecurity in the age of Big Data: a conversation with the FBI.Molecular biology of the cell,26(22), 3894-3897. Kumar, M. M., Odame, M. S., Yeboah, T. (2015). Migration Model for unsecure Database driven Software System to Secure System using Cryptography.health. Kusumanegara, A. O. (2015). Applying Hierarchical Clustering and Weighted Apriori to Investigate the Examinees' Re-Coming Association Rules. Liginlal, D. (2015). HIPAA and Human Error: The Role of Enhanced Situation Awareness in Protecting Health Information. InMedical Data Privacy Handbook(pp. 679-696). Springer International Publishing. Luna, R., Myhra, M., Rhine, E., Sullivan, R., Kruse, C. S. (2015). Cyber threats to health information systems: A systematic review.Technology and health care: official journal of the European Society for Engineering and Medicine. McHale, D., Officer, C. L. (2015). Be Cybersecure: Protect Patient Records, Avoid Fines, and Safeguard Your Reputation.Michigan medicine. Mutchler, L. A., Warkentin, M. (2015, June). How Direct and Vicarious Experience Promotes Security Hygiene. In10th Annual Symposium on Information Assurance (ASIA15)(p. 2). Omidiji, T. (2015). The Future Challenges of CyberSecurity. Sahu, B., Maheshwari, D., Sahu, N. (2015). Simulation Model for Cyber Crime Reduction.Simulation,115(21). Stachel, R. D., DeLaHaye, M. (2015). SECURITY BREACHES IN HEALTHCARE DATA: AN APPLICATION OF THE ACTOR-NETWORK THEORY.Issues in Information Systems,16(2). Torborg, D. S. (2013). Dark Side of the Boom: The Peculiar Dilemma of Modern False Claims Act Litigation, The.JL Health,26, xx. Tschider, C. A. (2015). Experimenting with Privacy: Driving Efficiency Through a State-Informed Federal Data Breach Notification and Data Protection Law.Tulane Journal of Technology and Intellectual Property, Forthcoming. Wechsler, P. (2016). Issue: Cybersecurity Short Article: China's Unit 61398 Pulled From the Shadows. Williams, B. W. (2012). Better Exchange: Some States, Including Washington, Control Their Health Care Markets While Most Surrender Autonomy to Resist Reform, A.Gonz. L. Rev.,48, 595.