Data Governance Best Practices: Lessons from Anthem’s Massive Data Breach


In the insurance industry, data governance best practices are not just buzzwords — they’re critical safeguards against potentially catastrophic breaches. The 2015 Anthem Blue Cross Blue Shield data breach serves as a stark reminder of why robust data governance is crucial. 

The Breach: A Wake-Up Call 

In January 2015, Anthem, one of the largest health insurers in the United States, disclosed a data breach affecting 78.8 million customer records.[1] This incident, one of the most significant healthcare data breaches in history, exposed names, birthdates, Social Security numbers, and other sensitive information.[2] 

Key Failures That Led to the Breach 

  • Inadequate Data Encryption. Anthem failed to encrypt sensitive data at rest, a primary data protection measure.[3] 
  • Insufficient Access Controls. The breach was initiated through stolen credentials, indicating inadequate access management.[4] 
  • Delayed Detection. The breach went undetected for weeks, highlighting deficiencies in monitoring and incident response.[5] 

Best Practices to Implement Now 

  1. Implement End-to-End Data Encryption. As recommended by HIPAA guidelines, encryption should be used for sensitive data both at rest and in transit.[6] 
  2. Adopt Multi-Factor Authentication (MFA). Implementing MFA adds an extra layer of security beyond passwords.[7] 
  3. Regular Security Audits and Penetration Testing. Conduct frequent assessments to identify and address vulnerabilities proactively.[8] 
  4. Invest in Employee Training. Human error remains a significant risk. Regular training on data handling and security is crucial.[9] 
  5. Embrace Advanced Threat Detection Tools. Utilize AI and machine learning-based tools for real-time threat detection and response.[10] 

The Controversial Take 

Here’s a hard truth: Many insurers still view robust data governance as a cost center rather than a critical investment. This mindset is not just outdated — it’s dangerous. The $115 million settlement Anthem agreed to pay[11] demonstrates that weak data governance is far more expensive than investing in proper safeguards. 

But an even more insidious problem lurks beneath the surface: the misguided notion that all accumulated data is an asset. In reality, data in most organizations is a liability waiting to explode. It doesn’t just increase breach risks; it bloats storage costs, complicates compliance, and can hinder meaningful analysis. 

Forward-thinking data teams are realizing that less can be more. They’re implementing data minimization strategies to reduce liability and enhance the quality and usability of their data assets. The goal isn’t to amass data indiscriminately, but to cultivate high-quality, relevant data that drives innovation while minimizing risk. 

Don’t let compliance and governance mistakes turn into recurring line items and costs of doing business. In today’s digital age, they are the cornerstones of security and innovation. Ignore them at your peril. 

The Road Ahead 

As data becomes increasingly central to day-to-day business decision-making across all functions, from underwriting to claims processing to marketing, the importance of data governance will only grow. It’s time for the industry to move beyond compliance-driven governance and embrace a proactive, comprehensive approach to data management. 

What are your thoughts? How does your organization approach data governance in light of incidents like the Anthem breach? Let’s discuss in the comments below. 

Remember, in the world of insurance data management, governance isn’t just about protecting data — it’s about protecting your entire business and your customers’ trust. 


Resources 

[1] insurance.ca.gov/0400-news/0100-press-releases/anthemcyberattack.cfm 

[2] shrm.org/topics-tools/news/technology/lessons-learned-anthem-data-breach 

[3] csoonline.com/article/550554/anthem-how-does-a-breach-like-this-happen.html 

[4] nytimes.com/2015/02/06/business/experts-suspect-lax-security-left-anthem-vulnerable-to-hackers.html 

[5] datasciencecentral.com/you-had-an-ongoing-data-breach-for-months-how-could-you-not-know

[6] hhs.gov/hipaa/for-professionals/security/guidance/guidance-risk-analysis/index.html 

[7] nist.gov/itl/applied-cybersecurity/tig/back-basics-multi-factor-authentication 

[8] cisecurity.org/insights/white-papers/cis-controls-v8 

[9] studentprivacy.ed.gov/sites/default/files/resource_document/file/Data%20Security%20and%20Management%20Training_1.pdf 

[10] gartner.com/en/information-technology/insights/cybersecurity 

[11] reuters.com/article/business/anthem-to-pay-record-115-million-to-settle-us-lawsuits-over-data-breach-idUSKBN19E2MK/ 


Christine Haskell

Christine Haskell, PhD, is an advisor, educator, and author specializing in data leadership and innovation. She is the Principal of Dative.Works, Senior Editor of DAMA DM-BoK 3.0, shaping best practices in data management. She is also guest editing a special issue for the Leadership & Organization Development Journal, advancing research on data-driven decision-making. With nearly 30 years in the technology industry, including at Microsoft during its pivotal shift to Big Data and Cloud Computing, she has helped organizations turn data into strategic assets. Christine teaches graduate courses in information management at Washington State University’s Carson School of Business and is a visiting lecturer at the University of Washington’s iSchool. Her latest book, Driving Data Projects: A Comprehensive Guide (2024), provides a practical framework and roadmap for navigating the technical, cultural, and organizational challenges of data-driven transformation. She also authored Driving Your Self-Discovery (revised 2024), which explores how AI’s rise makes adaptability (AQ) essential. Also by Christine: Driving Results Through Others (2021).
