Aflac’s breach isn’t another random failure on the list of cybersecurity failures. It’s a harsh wake-up call for an industry that deals with the public’s most personal information possible. With Social Security numbers and medical records on the table, the true cost isn’t economic, rather it’s human. Aflac, the insurer that flaunts itself on providing peace of mind in medical emergencies, has now become a source of worry for millions. The digital foundation of the insurance industry is beginning to look fragile. This is more than just a corporate issue, it’s an industry-wide crisis that might highlight the role of the federal inspection system.
The attack, which has been attributed to the vicious hacking group Scattered Spider, reflects on the recent patterns targeting the insurance industry as a whole. The timing of the breach, in addition to more recent attacks on Erie and Philadelphia Insurance Companies, indicates a severe effort to take advantage of vulnerabilities in IT infrastructure. Although Aflac’s acknowledgement to the breach is an important first step, its delayed affirmation regarding what has been accessed leaves doubt. It raises eyebrows regarding breach detection, auditing of data, and incident response.
The violation is clearly a betrayal of trust. Individuals expect insurers to shield not only their wallets but also their most intimate information. It seems that identity theft, fraud, and invasion of privacy now suppresses the reassurance which the insurance is meant to provide. A violation of this magnitude poses reputational and financial risk. Shareholders will be observing how Aflac reacts. Quick action may stabilize confidence, but any presence of toning down the violation will further influence the market sentiment. Individuals with medical conditions, disabilities, or financial difficulties are most vulnerable if their personal information is exploited. They’re worst positioned to absorb the resulting consequences. Other insurers are now in heightened alert mode. The breach might ignite some investment in cybersecurity across the industry. It might compel a reassessment of vendor risk management, and even influence how insurers themselves are protected against cyber attacks.
Cybercriminals have breached insurance giant Aflac, potentially stealing Social Security numbers, insurance claims and health information, the company said Friday, the latest in a spree of hacks against the insurance industry. With billions of dollars in annual revenue and tens of millions of customers, Aflac is the biggest victim yet in the ongoing digital assault on US insurance companies that has the industry on edge and the FBI and private cyber experts scrambling to contain the fallout. Erie Insurance and Philadelphia Insurance Companies have also reported hacks this month, which in those cases have caused widespread disruptions to IT systems used to serve customers. All three insurance-company hacks are consistent with the techniques of a young and rampant cybercrime group known as Scattered Spider, people familiar with the investigation tell CNN.