Pamera is used by Amazon, Microsoft, and Starbucks among other companies in the area...

I am not surprised that another Blue Cross company had a data breach, nor would I be surprised, if all of them will have one. The "Blues" are interconnected that complements the propagation of the hack. The question is, will all of them be able to detect the data breach?

Once a cloud data has been hacked people personal information will be forever known to the bad guys and could be use later, much later when people are not watching. They can also sell this information to other crooks to be use even later.

To put it simple.
Cloud security has not kept up with Cloud usage.

This one was Blue Crosses fault. Documents reveal they didn't encrypt the SS data all for the sake of convenience.

In this instance, Anthem didn't even have your records encrypted (and lord knows they can afford to do so). Apparently, encrypting your data would have been inconvenient.

You can have the best security, but if you're too damn lazy to use it, it does no good. Yes, I am mad at them because had they gotten the ID numbers of the medical cards, those could have been changed. Your SS stays with you for life. meaning I don't know if my identity will be compromised 2 years from now, or 20 years from now. It's out there now for good. Thanks Blue Cross. Hope you get sued into oblivion. Maybe other companies will take that as an example & do the right thing, even if it is "inconvenient."

Borg 386 said:

This one was Blue Crosses fault. Documents reveal they didn't encrypt the SS data all for the sake of convenience.

I don't disagree that this one was Blue Cross' fault, but not for the reason stated...

There's no regulations for health insurance companies to encrypt the data at rest. It is currently recommended, but not required and as such, the "Blues" were in compliance as far as the encryption is concerned...

Encryption would not help in the case of stolen system level accounts. Administrators, be that for system or database, will need access to the encrypted data. Regardless of the type of encryption, these accounts have no problems connecting to the data.

On the other hand access control and monitoring privileged level access to PHI data is a regulatory requirement and this where the "Blues" were not in compliance. If the previous "Blues" data breach is any indication, where they did not monitor admins access and waited until a DBA discovered it, the current data breach has been caused by the lack of tighter access controls and monitoring the access. Simply requiring admins to use two-factor authentication would have prevent these data breaches.

To me the point is, once your information is in the hands of others you have no control of that information.
I really don't know what we as individuals can do about the security of our information is such cases.

Once the bad guys get your Social Security Number (SSN) they have it forever and can sell it to whomever. How would one watch if this information to see if it is abuse over a long period of time.

We are just Fxxxxx because of poor cloud management in the control of others.

Layback Bear said:

Once the bad guys get your Social Security Number (SSN) they have it forever and can sell it to whomever. How would one watch if this information to see if it is abuse over a long period of time.

Yepperz, meaning me & other people that were effected by this little snafu are going to have to be on guard for the rest of our lives.

Since Anthem is offering 2 years of credit monitoring, I imagine a whole slew of problems will start popping up 2+ years from now as more savvy hackers will wait until then & probably start slowly using the compromised SS numbers around that time.

Because our SSN are ours forever; they are now the hackers SSN for ever.

Layback Bear said:

Because our SSN are ours forever; they are now the hackers SSN for ever.

Exactly

Layback Bear said:

Because our SSN are ours forever; they are now the hackers SSN for ever.

Under these circumstances, I don't want to live for ever...