Insurance Companies Protect Your House, Car, Family — But How About Your Personal Information?
Insurance companies have been operating in the U.S. since the 1700s, providing policyholders a safety net for worst-case scenarios. Beyond what is stated in insurance policies, government regulations dictate there is something else these companies must protect: customers’ personal data. From first and last names and social security numbers to licenses and identification cards, insurance companies hold a treasure trove of personal information, making them a prime target for hackers. In addition to customer data, documents covering anti-money laundering (AML) and fraud, risk audits and new product launches can also put insurance companies at risk.
Insurance companies — particularly insurance companies in the healthcare sector — often find themselves a prime target. The Identity Theft Resource Center reported there had already been 312 data breaches and 1.3 million records exposed as of March 14, 2017. Most notably, 25 percent of affected data was in the medical / healthcare sector.
Ransomware is just one example of an attack, but one that is of particular concern, and rightfully so. This is even more true after the spread of ‘WannaCry,’ which impacted users in more than 150 countries, and most recently ‘Petya.’ However, this is certainly not the first time ransomware has hit the healthcare industry hard. In fact, according to Verizon’s 2017 Data Breach Investigations Report, ransomware makes up more than 70 percent of malware attacks against the healthcare industry. This includes hospitals, pharmacies and insurance agencies.
Protecting data at a granular level
Ensuring networks, devices and platforms are secure is the first step to keeping sensitive information safe. However, what happens once the data leaves a company’s virtual perimeter? To be effective, insurance companies must share sensitive data with their vast networks of agents, partners, contractors and subsidiaries, but this means the data goes beyond the reach of their data security and governance systems.
To protect data wherever it travels, insurance companies need to protect the sensitive information they house at the data level. Implementing an enterprise digital rights management (EDRM) solution keeps information safe no matter where it travels. By attaching granular usage controls to sensitive files, it is possible to control whether a recipient can view, edit, print, copy and even run macros.
Insurance companies recognize the threat, opportunity
Given their own experience, insurance companies recognize the detrimental impact that breaches can have on companies. For example, according to the CDI, Anthem ended up with a $260 million bill to take care of “security improvements and remedial actions in response to this breach.” Some insurance companies have even gone as far as offering data breach insurance. However, while insurance can help minimize the financial impact of a breach, companies (including insurance companies) must do everything in their power to protect data before it is compromised. Customers deserve privacy when it comes to their information, and even with the best insurance policy in place, a company can’t be reimbursed for reputational damage. In the long run, this unquantifiable damage could be the most impactful.
At the end of the day, insurance companies are around to protect people in the event something goes wrong. In turn, insurance companies should think of data-centric security solutions, such as EDRM, as their own “insurance policy” in case they get breached.