Monday, February 09, 2015
Anthem hack shows cultural problems in the "Blue" world as well as security problems in the health care industry, associated with IT work culture
I wasn’t aware that Anthem, as affiliated with the Blue Cross Blue Shield system, is actually a “for profit” and publicly traded company after all, as explained in Wikipedia here.
I had worked for a consortium of six or seven Blue plans, called CABCO, in Dallas from early 1979 until 1981. I left just before it folded. The intention of the project had been a Combined Medicare A+B system, to compete with EDS. At one time, the implementation date had been intended to be 1/1/80. Had the plans gotten along better and been more progressive in thinking, there might have indeed been a system and a new Medicare processing company in Dallas, even if it had subsequently gone through all the usual pressures of corporate mergers and buyouts. Maybe I would have spent my entire career there and would still be living in Texas.
I recall that we had a small data center with a small mainframe (pre-4341), but in retrospect, the actual deployment of technology (compared to earlier employment in NYC at Bradford and NBC and, in fact, Univac – now Unisys) seemed primitive, leading to a particular incident in June 1981 that I think I’ve presented here before. Perhaps that’s a clue to “Blue culture” and what is going on now.
Reed Abelson and Matthew Goldstein have a New York Times article, “Anthem hacking points to security vulnerability of the health care industry”, link here.
Anthem apparently did not protect its internal information with encryption. But when I was working, most of the legacy information was on mainframes, which were viewed as impenetrable. Midtiers were usually on Unix platforms (more like Mac); only end users had Windows at workstations. However, companies were often careless with elevation procedures, which started to be secured properly through the late 1980s into the early 1990s.
I did get a lot of calls about jobs with MMIS and about HIPAA in the period following my layoff. HIPAA supposedly specified rigid standards in transporting medical data (as with XML protocols) among computers, to protect patient privacy, which is not exactly the same thing as real security. There simply was not the attention to these issues when I was working that is needed now.
I would actually have a job interview at the Texas Plan in the low-rise upside-down campus on Highway 175 in Richardson in November 1987.