Excellus BlueCross BlueShield a famous health organization faced a high level security breach in the year 2015. The article “Excellus BlueCross BlueShield hacked; 10.5M patients affected” was published on September 10, 2015 by the Washington Times provides a detailed analysis of the breach (https://www.washingtontimes.com, 2017). The article reports the breach to have occurred in the year 2013. It was astonishing that the detection of such a great breach went unnoticed. Excellus confirmed the breach on 5th of August, and stated the attackers had got an unauthorized access to their database.
Cyber security can be defined as the loss of confidential, protected and sensitive data. The loss could be probably due to the theft or unauthorized retrieval of data through hacking. A year ago, Excellus faced a similar case of hacking where its data was being hacked for a year or more (Schorr, 2015). The corporation do emphasizes on personal information of people being important and was heard of taking some serious steps to stop any future threats if present. The corporation is into developing some strong IT system to avoid such breaches. Healthcare is being much targeted recently. The organization though has not revealed the exact scenario how the breach took place and was not noticed for such a long time. Data compromised was much more than that of 10.5 million individuals (https://www.washingtontimes.com, 2017). These data included people names, security numbers, their birth dates, telephone numbers, financial account information, mailing addresses and identification numbers. All data which are very much essential and has to be kept secure was lost.
With this breach the company joined companies like Sony, JP morgan, Windows and others in the long list of the companies facing security breach (Karyda & Mitrou, 2016). The officials requires strengthening of the present security infrastructure with such tools which would just block such hackers in time and breach could be stopped at the right time and data could be made more secure then and there.
The possible causes for the threats can be analyzed yet there is no confirmation of how it did actually occur. The weak security measures and vulnerable passwords are the most possible reasons for such an attack. The company possibly follows a less secure authorization system and is not maintaining the proper accessing system. The malicious attacks may have occurred because of non-encryption of Personal Identity Information (PII) (Kim, & Solomon, 2016). Saving of files in some folders which are online accessible or browser not updated recently may also lead to such an attack. Hackers could possibly inject malware or other malicious viruses in to the company’s databases which leaves the possibility of vulnerable infection. Some software is risky and makes the system vulnerable to attacks (Rajasekar, 2015). The computer of the company under some other contractor may be attacked much easily and are prone to such mischief.
There are several possible measures which could be implemented to avoid any such thefts in future. The Excellus BlueCross BlueShield can opt for certain measures recommended. Appropriate physical and electronic security ensures effective security which would secure the data the primer level. Before leaving the data on any of the device it is essential to lock the devices or secure the file by any means. Portable devices should be secured more effectively (Khan & Hoque, 2016). Besides, by any chance if a person leaves the organization forever those people’s details should be deleted securely along with the person’s authorization permit as this might be a threat for later and might give intruder a chance to sneak into the organization important database (Betz, 2016). Additionally, it should be made sure that any sensitive information should not be made public accessible and who have the access to such points.
Sensitive data could be secured by encrypting it properly along with strong password which cannot be cracked easily. Password set should be different for different access points and should be changed often to avoid any kind of accidental breach (Ferrillo, 2015). The organizations should make sure that every device in its premises is secured with anti viruses securing it strongly avoiding any chances of computer security breaches the hacker could hatch.
Conclusion
Excellus BlueCross BlueShield was exposed towards such a computer security breach because of their faulty IT system which was not able to detect the breach. Leaving the company to suffer and lose the confidential data stored in. the company possibly never kept a check on their IT infrastructure and its working which resulted as such a consequence. The company after the attack worked towards strengthening of its security system and urged official to notify every possible customers of theirs the mishap and advice to take every necessary action. The company should adopt some the remedies provided above to avoid any such situation in near future.
Hack Case: Yahoo
Hacking of the data of any organization could be a massive blow to it. August, 2013 saw a major hacking over the web unleashing the data of 1bn users of yahoo to the malicious hackers. The article “Yahoo hack: 1bn accounts compromised by biggest data breaches” published by the theguardian.com on 15th of December 2016 reveals all about the major cyber stack occurred (Thielman, 2016). This made it the largest attack of that time.
Yahoo mentioned intervention of some unauthorized party into their accounts stealing nearly 1bn user’s information leading to the security hack. It was said that the hackers did such an act through some forged cookies. The company foresaw the threat in November previous office.
Yahoo faced this crisis which led to its loss of user’s private and confidential data which was of much importance to the people. The suggested possibility of such theft was those little bits of code left behind on the browsers which enabled the user freedom the login step up at every visit (Lee, 2015). Such cookies are believed to let someone skilled and potential threat to get access of anyone’s account using those bits of stored code on the browser. The proprietary code of Yahoo was stolen most probably.
Braian krebs the security researcher also heard recommending to move off yahoo email service as there was some potential theft which he had sensed earlier (Thielman, 2016). The researcher reported that the service providers were not working successfully for removing and blocking the email based attacks. The sensed threat was not heard of well and led to such a scenario where user’s credentials were put to stake. The article mentions of the US senator after the attack asking Yahoo to reveal the details of the intrusion. The hearing revealed that the breach took much earlier than it was confronted. The senators found it to be unacceptable that the theft risked millions and millions of American’s data (Thielman, 2016).
The impact of theft was to be reflected on their pricing thus on their revenue. The value of Yahoo possibly went down as its image was damaged (Whitler & Farris, 2017). People now might not trust Yahoo and opt for some other options as it may provide them much better security than this. The credentials that was disclosed was millions of user’s name, their birth dates, email accounts along with financial accounts, phone numbers, and other information that was present in the connected database. Yahoo confirmed that there was no breach into the accounts as the cards details and other bank account details were not in the same database rather it was separately. The customers were soon informed and advised after the attack to manage the threat.
There were many possibilities that the passwords of other electronic accounts or bank account may be disclosed or the personal information of the user’s relative may be exposed to the hacker as the personal information are mostly shared on emails only. Such breaches have become very common and as the data or the log-in information is stored in the database it becomes really easy for the hackers to get through those details. Yahoo, though have other ventures too like Flicker- the photo sharing site, Tumbler- the blogging platform and finance yet the loss it faced is possibly too high and this impact would surely be visible in the future revenues of the company (Trautman & Ormerod, 2016).
When any website or computer related technology faces a security breach, the owner of such application or sites is blamed without much consideration of the possibilities of such breaches. It requires both the industry owner and the government to go hand in hand and to set up certain legislation which would protect the users from those threats (Ilyas, 2015). The industry could set some standard protocol or optimization which would provide an extra level of security. The malicious or spam scripts contained or injected in to the website may be blocked so that user’s credentials remain safe. Yahoo after this hack case did lost the trust of their most loyal customers even (Wee, 2016). There are ways in which once any such theft or potential threat through websites are exposed the retendering engine automatically puts that site down and does not let it load again.
Dot defender is another very popular way of stopping any possible threats being planned or hatched. It has very low cost and is a straightforward solution. It works out in a very comprehensive manner by working against the possible threat (Walters, 2014). It can easily manage the APIs and Interface for multiple servers with great degree of ease. Giants such as Yahoo could adopt Security as a Service which provides them security measures perfect for them without any external hardware requirements. Besides this it also provides easy installation securing their IT infrastructure from the possible threats.
Conclusion
Conclusively, it can be said that the hack occurred let down the image of Yahoo along with compromising the confidential data and information of billion users who trusted Yahoo. The breach could have been detected earlier and millions of data could have saved from the theft. The causes and the possibilities for the theft occurred have been discussed much clearly above. The DotDefender mentioned provides in front a protective layer to the application which disrupts any theft trial in the web traffic. The remedy suggested and other which is thought to be profitable ought to be implemented so that any future threats could be stopped and detected.
References
Betz, L. (2016). An Analysis of the Relationship between Security Information Technology Enhancements and Computer Security Breaches and Incidents.
Ferrillo, P. A. (2015). NAVIGATING CYBERSECURITY STORM.
https://www.washingtontimes.com, T. (2017). Excellus BlueCross BlueShield hacked; 10.5M patients affected. The Washington Times. Retrieved April 7, 2017, from https://www.washingtontimes.com/news/2015/sep/10/excellus-bluecross-blueshield-hacked-105m-patients/
Ilyas, M. M. (2015). Cyber security.
Karyda, M., & Mitrou, L. (2016). Data Breach Notification: Issues and Challenges for Security Management.
Khan, S. I., & Hoque, A. S. M. L. (2016). Digital Health Data: A Comprehensive Review of Privacy and Security Risks and Some Recommendations. Computer Science Journal of Moldova, 24(2), 273-292.
Kim, D., & Solomon, M. G. (2016). Fundamentals of information systems security. Jones & Bartlett Learning.
Lee, N. (2015). Cyber attacks, prevention, and countermeasures. In Counterterrorism and Cybersecurity (pp. 249-286). Springer International Publishing.
Rajasekar, H. (2015). A Brief Report on Data Breaches in US Healthcare. What, Why, and How?.
Thielman, S. (2016). Yahoo hack: 1bn accounts compromised by biggest data breach in history. theguardian. com. https://www. theguardian. com/technology/2016/dec/14/yahoo-hack-security-of-one-billion-accountsbreached.
Trautman, L. J., & Ormerod, P. C. (2016). Corporate Directors’ and Officers’ Cybersecurity Standard of Care: The Yahoo Data Breach.
Walters, R. (2014). Cyber attacks on US companies in 2014. Heritage Foundation Issue Brief, 4289.
Wee, A. (2016). Yahoo security breach: 5 billion password and info compromised.
Whitler, K. A., & Farris, P. W. (2017). The Impact of Cyber Attacks On Brand Image. Journal of Advertising Research, 57(1), 3-9.
Essay Writing Service Features
Our Experience
No matter how complex your assignment is, we can find the right professional for your specific task. Contact Essay is an essay writing company that hires only the smartest minds to help you with your projects. Our expertise allows us to provide students with high-quality academic writing, editing & proofreading services.
Free Features
Free revision policy
$10Free bibliography & reference
$8Free title page
$8Free formatting
$8How Our Essay Writing Service Works
First, you will need to complete an order form. It's not difficult but, in case there is anything you find not to be clear, you may always call us so that we can guide you through it. On the order form, you will need to include some basic information concerning your order: subject, topic, number of pages, etc. We also encourage our clients to upload any relevant information or sources that will help.
Complete the order form
Once we have all the information and instructions that we need, we select the most suitable writer for your assignment. While everything seems to be clear, the writer, who has complete knowledge of the subject, may need clarification from you. It is at that point that you would receive a call or email from us.
Writer’s assignment
As soon as the writer has finished, it will be delivered both to the website and to your email address so that you will not miss it. If your deadline is close at hand, we will place a call to you to make sure that you receive the paper on time.
Completing the order and download