Lessons to Learn from Anthem Data Breach

Hacking leads to data breaches, and these often turn out to be a costly affair.

Let us take a close look at the Anthem data breach. Anthem is the second largest health insurer in the US. Before doing a deep-dive analysis, let’s set the context as to which aspects need attention. As to the “why”, the aim and scope are obvious.


  • What is the issue?
  • What’s the impact of the data breach?
  • When did the data breach occur?
  • When was it noticed, detected?
  • What immediate actions and steps were taken?
  • When were the consumers notified of the compromise, data breach?
  • What sequence of events lead to the data breach?
  • What is the Forensic report?
  • How was the incident reported to the authorities?
  • What was the incident response plan?
  • Who owned the response plan?
  • How the team(s) swung into action?
  • What actions were taken?
  • How was it communicated?
  • What PR measures were put in place?
  • What are the conclusions from the forensic reporting?
  • What actions were taken, after the conclusion of the report (report findings)?
  • As lesson learned – what new systems & procedures are in place to mitigate recurrence?

There is no doubt that Anthem had bad press. One can point fingers and say that Anthem could have done a better PR job, but that is analysis after the fact, and of little use. The compromise of personal information is a sensitive issue with downstream repercussions, all the more so when 80 million customer accounts are at stake.

The database of Anthem, the health insurance company, was hacked, giving hackers access to 80 million customer accounts and their personal information. Most of the victims are current and former members of Anthem health plans, and even some nonmembers, since Anthem manages paperwork for some independent insurance companies. Millions of US residents had no idea that Anthem held their personal details. Now they know – the hard way.

According to Anthem – “On January 29, 2015, Anthem, Inc. discovered that cyber attackers executed a sophisticated attack to gain unauthorized access to Anthem’s IT system and obtained personal information ….” It went on to say that – “The information accessed may have included names, dates of birth, Social Security numbers, health care ID numbers, home addresses, email addresses, employment information, including income data. We have no reason to believe credit card or banking information was compromised.”

The impacted plans/brands included: Anthem Blue Cross, Anthem Blue Cross and Blue Shield, Blue Cross and Blue Shield of Georgia, Empire Blue Cross and Blue Shield, Amerigroup, Caremore, Unicare, Healthlink, and DeCare. Simply put, all the customers of these entities are at risk.

Forensic reporting points out that on December 10, 2014, someone compromised a database owned by Anthem Inc., and the compromise went undetected until January 27, 2015, when a database administrator discovered his credentials being used to run a questionable query – a query he didn’t initiate. Two days after the detection, on January 29, Anthem alerted federal authorities and HITRUST C3 that their internal investigation had determined the incident was in fact a data breach. On February 4, 2015, the company disclosed the breach to the public.

A deeper analysis of the past history indicates that hackers made several unsuccessful attempts at hacking the database before they eventually succeeded and the data breach occurred. Based on Anthem’s defenses, it’s possible that the attacker(s) tried to compromise the database earlier in 2014, but were thwarted. However, they kept at it and eventually succeeded. Hackers continued to take shots until they hit. Anthem should have swung into action to put more proactive defenses in place. We don’t know what action or inaction went on, since those early incidents from 2010.

Ironically, in 2010, a data breach incident occurred wherein 612,000 customer accounts were compromised. That breach led to a $1.7 million settlement between Anthem and the U.S. Department of Health and Human Services, as the disclosure of health information was a possible violation of the federal HIPAA privacy statute.

Now, post data breach, Anthem has engaged Mandiant, the world’s leading cybersecurity firm, to assist not only in its investigation but also in strengthening the security of its systems. Too little help, too late!

As part of the consumer redressal, Anthem is working with AllClear ID, a leading and trusted identity protection provider, to offer 24 months of identity theft repair and credit monitoring services to current or former members of an affected Anthem plan dating back to 2004.

Anthem Data Breach and Class Action Lawsuit:

An immediate fallout of the data breach incident was that a class action lawsuit was filed. Within days, additional lawsuits were filed in California and Alabama.

Lessons learned from the Anthem data breach:

A lesson to be learnt is that, despite the earlier hacking incident, Anthem failed to encrypt sensitive data. Had they put this in place, the data would not have been totally compromised. At least, that’s one perspective.

Takeaways:

There are some lessons to be learnt from the recent data breach incident. Remember, there is no one size fits all. That said, there can be a myriad of things that can be done to avoid potential data breaches. So, adopt a comprehensive strategy.

Here are some key takeaways – to mitigate and minimize risks.

  • Be responsive and transparent
  • Notify regulatory authorities, public as quickly as possible.
  • Conduct a Forensic report to assess what went wrong.
  • Another critical aspect to be watchful of is that Attorneys General in 47 states can ask for the data around the breach incident. So, keep relevant information handy, and provide consistent information, to avoid any potential legal fallout.
  • Have an Incident Response Plan in place.
  • Test the incident response plan. Identify and plug the gaps. This proactive approach is less costly than a reactive one, which is very expensive.
  • Bring Legal and Public Relations on board along with IT
  • Monitor System Anomalies
  • Watch Network Admin Activity – use “identity-based threat detection models”
  • Use Encryption, Data Masking – otherwise, most of the personal information is easily readable
  • Give Customers Advice they can use

Biosimilar Drugs – What is it? and What’s Next?

The age of biosimilar drugs has arrived. Almost five years into the Patient Protection and Affordable Care Act, the FDA approved the first biosimilar drug – Zarxio (Filgrastim-SNDZ) by Sandoz Inc. of Novartis. Zarxio is a prescription drug in injectable dosage form.

Zarxio, a biosimilar to Neupogen, is a medication that boosts the production of white blood cells and helps to ward off infection in patients receiving strong chemotherapy for some tumors, or patients undergoing bone marrow transplantation or patients with chronic neutropenia.

A biosimilar product is a biological product that is “highly similar” to an already-approved biological product (reference product) approved by the FDA. The biosimilar must have the same strength and dosage form. From a consumer standpoint, biosimilars make more treatment options available and potentially lower costs as well.

For more details, refer to this link.

The Patient Protection and Affordable Care Act (Affordable Care Act), signed into law by President Obama on March 23, 2010, creates an abbreviated licensure pathway for biological products that are demonstrated to be “biosimilar” to or “interchangeable” with an FDA-licensed biological product. This pathway is part of the law known as the Biologics Price Competition and Innovation Act (BPCI Act), under which a biological product may be demonstrated to be “biosimilar”, that is, “highly similar” to an already-approved biological product.

What’s Next?

There is more in the offing. With amendments to the Public Health Service Act (PHS Act), a new door has opened for launching more and more biosimilar or “interchangeable” drugs. Of course, each of these drugs would go through the rigorous standards set by the FDA for drug safety and efficacy.

In 2012, the rise of biologics reshaped the drug market. Now, with the first biosimilar drug in the market, more biosimilar drugs are likely to follow, transforming a landscape that has mostly seen traditional drugs and biologic drugs till now.

Does the arrival of biosimilars spell trouble for biological drugs? The obvious answer is ‘yes’, but the impact would not be as hard as that of generic versions coming into the market.

Supreme Court Rules for Teva in Copaxone Case

Teva Pharmaceutical Industries Ltd. won a U.S. Supreme Court patent ruling that will help forestall generic competition to its top-selling multiple-sclerosis drug, Copaxone. The judges gave a reprieve to a Teva patent that will protect Copaxone from generic competition until September.

The ruling is a blow to Teva’s generic competitors – Mylan Inc. and petitioner Sandoz. When Sandoz earlier tried to market a generic version of the drug, Teva sued for patent infringement. Sandoz countered and sought invalidation of the patent.

It is interesting to note that this case draws attention to two points:

1) The District Court earlier had to consider conflicting expert evidence with respect to the patent claims. After review, the court concluded that the patent claim was sufficiently definite and the patent was thus valid.
2) What is the prognosis in contesting the molecular weight method of the active ingredient for seeking invalidation of the patent?

So, for now, generic versions will be delayed by a few months, bringing some relief to Teva.

Core Responsibilities of Chief Innovation Officers in Enterprises

Chief Innovation Officers are critical for Enterprises to Innovate & Thrive. That said, what are the critical items they need to address and put in place for the enterprise to innovate and succeed? The following are the critical items to consider:

  • Must scout for new ways to manage innovations so as to ensure Enterprises optimize their investments in Research and Development.
  • Think Big, Start Incrementally – Google is a great example in this category. They incrementally expanded into several new categories systematically with a game plan and achieved the goals.
  • Strive for Continuous Innovation NOT Perfection – This cannot be emphasized enough. It should not be a quest or obsession for perfection, but about providing incremental innovation (less risky) and solving specific business issue(s).
  • Ignite thoughts, ideas – Encourage employees, supplement ideas with factual data. Provide Management support and allocate resources.
  • Introduce the culture of Open Innovation – wherein employees and partners collaborate to ensure innovation keeps flowing.
  • Form a bridge between Business, Technical and Legal Functions – Must be an inclusive person working closely with all key stakeholders and constituents to foster innovation & growth.
  • Get new products and services to Market – Support business units in translating the captured ideas into new products (New Products Initiative – NPI) & Services in the Market.
  • Facilitate an environment for idea generation – Capture information from all business units.
  • Capture all ideas and invention disclosures – Create a centralized repository for all innovation disclosures.
  • Help Identify New Market Spaces – Facilitate application of incremental innovation to solve customer issues and help drive up customer commitment.

Enterprises succeed or fail based on one or a combination of these factors. So, the next time you look into your Enterprise, make sure all of these are in place or being addressed. A must-do is to align Business, Technical & Legal Functions, ensure that they are well integrated, and that there is a fail-safe mechanism to collaborate and manage, so that organizations foster innovation, grow & thrive.

For more information, download the eBook – Managing Innovations for Profitable Growth

Will LOT Network Patent Licensing Deals Hinder or Protect?

Close on the heels of the Microsoft and Canon cooperative patent licensing deal, a new deal – the “License on Transfer (LOT)” network – was formed between Google and Canon. According to this cooperative licensing deal, LOT is going to help limit future infringement claims, and when the patents are sold, all the companies in this network would automatically get a royalty-free license.

Companies like SAP, Dropbox, Asana and Google are part of this network.

Whether the License on Transfer network will be a boon for start-ups in limiting their exposure to lawsuits from NPEs remains to be seen.

So, next time you do an IP Due Diligence, watch for LOT Network contracts also, as companies in this network will get a royalty-free license when you sell your patent. And be mindful that this network so far covers over 50,000 US patents. The LOT network seems to be one solution (alternative) to the Patent Assertion problem, to reduce patent infringement claims.

 

Kameshwar Eranki is CEO of VajraSoft Inc. He is author of the eBook – Managing Innovations for Profitable growth. For free download of the eBook, click here.

About VajraSoft Inc. – VajraSoft Inc. is Intellectual Property (IP) Management Software company, helping customers manage innovations and monetize IP’s. Our award winning products empower businesses and IP law firms to automate the patent filing cost estimation process of creating cost estimation quotes for filing a patent in any country globally. VajraSoft Inc. PatFolio helps customers with Invention Disclosures Management, Drafting Patent Applications, filing, managing patent prosecution life cycle and patent maintenance.

VajraSoft Inc. is Master Class IP Solution provider, and its products won several Cloud awards including – UP Start Awards for Best Industry Application for 2012. CIO Review magazine selected VajraSoft Inc. as 100 Most promising Big Data companies for 2014. Silicon India magazine listed VajraSoft Inc. as Top 100 Technology companies in US for 2013. VajraSoft Inc. is also Finalist of StartmeupHK Venture Program, conducted by the Govt. of Hong Kong and UP Start Cloud Award for Best BI / Analytics Application for 2013.

PatFolio not only automates invention disclosure management but also managing patent portfolio and patent prosecution life cycle. In addition, PatFolio provisions various checklists useful for patent filing. Using these checklists IP Professionals can ensure requisite information needed for preparing patent application is available and ready for filing. These patent application checklists save money, time and reduce / eliminate errors in patent application filing with patent office.

Tesla’s Competitive IP Sharing Strategy Pays off

Tesla Motors brought innovations and spurred the growth of the electric car market. Now, quickly capitalizing on its first-mover advantage, Tesla Motors, which has a network of charging stations across the US, is in discussion with BMW and Nissan to share them, opening the way for Tesla’s superchargers to become the industry standard.

In a related development, India’s leading automaker, Mahindra – which has developed several electric vehicles for the Indian Markets is reviewing Tesla’s patents to evaluate for potential consideration. For more details, refer to the enclosed link.

Universally compatible charging will for sure accelerate electric vehicle adoption and bring electro-mobility to fruition sooner rather than later.

Two things have become clear – 1) Tesla is luring competitors with its IP and technology sharing and 2) it is making people rethink IP and technology sharing & monetization.


Top 10 Inventors of 2013

Top 10 Inventors of 2013 are:


Together, the top 10 inventors have 1,617 patents to their credit.

Shunpei Yamazaki is a Japanese inventor in the field of computer science and solid-state physics. He is the most prolific inventor and holds over 3,193 U.S. utility patents as of June 25, 2013. Last year he had 360 patents to his credit. Shunpei is recognized for his innovative works in computer display technologies.

Lowell Lincoln Wood, Jr. is an American astrophysicist affiliated with Lawrence Livermore National Laboratory and the Hoover Institution, and has about 710 US patents.

Bartley and Jonathan are from Apple and are credited with many product designs.

 
