In response to the reports of a major breach at another Blue Cross insurer: John Gunn, VP of Communications, VASCO Data Security International says: "It is simple economics - hackers are attacking targets with highest value assets; retailers for payment cards, banks for funds, and healthcare organizations for social security numbers. Healthcare organizations are lagging behind and unless they greatly increase their investment in the people and security solutions necessary to protect their assets, they will remain the target of choice for criminals."
Franklyn Jones, CMO, Spikes Security said: “On one hand, it’s frightening to think that Excellus is just discovering an attack that first infected their network two years ago. On the other hand, this is just the latest example of an advanced targeted attack that is simply undetectable, despite the significant investments Excellus no doubt made in building a strong security architecture. The root cause of the Excellus breach can likely be traced to the failure of legacy security technologies, which all rely on some form of detection technology to try to identify and block these attacks. It’s painfully obvious that these products simply don’t work."
Jeff Hill, Channel Marketing Manager, STEALTHbits remarks: "The most compelling element of this episode is the 20 months it took Excellus to discover the breach and put a stop to it. Twenty months exceeds the average breach discovery time - about 200 days - but in Excellus' defense, it beats the over 5 years hackers ran wild on the newswire services' networks before being discovered by the SEC, not internal IT systems. Gone are the days of smash-and-grab operations executed by impetuous, immature hackers. Of the newest weapons and tactics being deployed by today's attackers, patience may be the most dangerous development."