Modern computer technologies and innovative IT solutions make people’s lives much easier. Communication, partnership, business operations, and even the development of a loving relationship are possible for individuals who are far away from each other. However, there is a downside. Computer technologies have also provoked active hacking. Hackers want to get access to different types of information, mostly of a financial nature, and to use it in their own interests or simply to sell it. This paper analyzes a data breach at the Anthem Health Insurance Company and demonstrates that the disaster recovery plan developed by the organization is not effective, because it does not guarantee further data safety or provide compensation to affected customers.
Methods Used in Setting up a Disaster Recovery Plan
The data breach at the Anthem Health Insurance Company was widely discussed across media outlets. Lipka (2015) writes that “Anthem insurance data breach could be one of largest hacks in history”. The essence of the case is that still-unknown hackers accessed the information (private data and social security numbers) of customers insured by Anthem. The number of affected individuals was approximately 80 million (CompuData Inc., 2015). Thus, the scale of the issue was significant. Many indignant victims filed lawsuits, and others simply waited for their compensation to be paid.
Logically, Anthem tried to regain the trust of its customers. It had to analyze how its business was affected financially and in terms of reputation. The company decided to develop a disaster recovery plan based on some traditional methods of solving such issues. First of all, Anthem conducted a business impact analysis by determining financial losses and calculating the approximate number of victims, and it defined the actions that it would take. The company also chose a way of communicating with affected and potential customers (Lipka, 2015; CompuData Inc., 2015). At first sight, the actions taken by the organization are logical and obligatory for the situation discussed. However, Anthem is heavily criticized because almost a year has passed and there is no data about who is guilty of the cyber-attack, whether victims have received any compensation, or what ramifications the breach has (Herman, 2016). Thus, even after the implementation of a disaster recovery plan, the outcomes of the case are not very clear. Anthem has named neither fixed compensation sums nor further directions for preventing cyber-attacks (Lipka, 2015).
The Total Cost, Damages and the Outcome of Organization’s Disaster Recovery
As stated in the previous section of the paper, there is an obvious lack of calculations of the costs of the Anthem data breach. However, one estimate of the approximate total cost is that “Anthem should expect to pay between $100 to $200 per breached record with as many as 80 million people affected, that comes out to $8 billion to $16 billion” (Healthcare Dive, 2015). Besides this financial damage caused to the organization, its reputation suffered significantly. The company had paid $100 million to protect its data from cyber-attacks, but this significant sum was not enough to ensure customers’ safety. Anthem stresses the fact that clients’ debit and credit card information has not been stolen, although it knows that such information is actually of little use to hackers (Lipka, 2015).
In spite of the fact that Anthem definitely tries to hide some information about the process of paying compensation and about what further steps it will take to protect customers, it implemented some strategies right after the cyber-attack. These actions became elements of a disaster recovery plan and were as follows: involving the FBI and developing close cooperation in the process of investigation; making some promises to provide free credit monitoring and identity protection services for customers; and developing Anthemfacts, a website where all members can get access and ask their questions (CompuData Inc., 2015). The outcomes of all these steps were hope among Anthem customers of receiving their compensation and a demonstration that the company had started to treat its cyber security more seriously.
Success of the Recovery Plan and Lessons Learned
The enumerated outcomes are the best results that Anthem could reach in this situation. In spite of all efforts, the company’s recovery plan is considered to be a failure. There are several reasons for this. First of all, the cooperation with the FBI did not give any positive results. “The FBI is still investigating the attack, and so far has found no evidence that Anthem members' data have been sold, shared or used fraudulently” (Herman, 2016). Secondly, though Anthem started cooperation with Mandiant, a cyber security firm, nothing is known about the results of their work, because the former states that, according to the contract, their affairs should not be discussed in public (Herman, 2016). Finally, the analyzed case raises a question that does not have an exact answer for now. Payers wonder which companies they can trust with their insurance if the sum of $100 million paid by Anthem is not enough (Healthcare Dive, 2015). The success of Anthem’s recovery plan is doubtful, but it is easy to blame the company for everything and forget that “the sophistication of cyber-attacks is elevating challenging all businesses to seek out the best IT security best practices and technologies to protect sensitive data” (CompuData Inc., 2015). There were no massive breaches of Anthem’s data before (Lipka, 2015). Maybe, like many other firms, the company will not manage to renovate its cyber security systems quickly because new hacking methods keep appearing.
The Anthem data breach taught four important lessons:
- All companies and enterprises, even with the best and the most expensive systems of cyber security, are vulnerable to hackers;
- The speed of response matters. Anthem immediately contacted the FBI, and though they still do not have any results of investigations, the company has demonstrated that it is interested in regaining the trust of its customers;
- Firms and enterprises should heed the warnings of probable attacks sent by the FBI;
- Companies should quickly gain control of the situation after an episode of hacking (start communicating with customers, clarifying the number of affected victims and calculating losses) (CompuData Inc., 2015).
Conclusions and Recommendations
It is worth noting that the Anthem Health Insurance Company has been experiencing a very complicated period in its history since 2015. It is confirmed that the private data of a significant number of customers were hacked. It is true that Anthem immediately contacted the FBI and took further steps to demonstrate to its clients that it cares about their security. At the same time, there is much criticism of the company because of the lack of data about how compensation is paid, who the hackers are, and what measures it will take to prevent similar problems in the future. The general evaluation of the disaster recovery plan is negative because of all these facts. However, hackers of such a level are real criminals, and nobody can fully control them. Some possible recommendations to Anthem and similar companies include hiring professional IT specialists, who will follow the development of the most advanced cyber protection systems, and appointing some employees who will be responsible for the timely delivery of information about the company’s current privacy issues, cyber protection, and the investigation of cyber-attacks, if any. Though hacking is highly developed nowadays, organizations should not quit attempts to fight it.