TEANECK, N.J.--(BUSINESS WIRE)--Anthem's security breach may have been prevented or minimized had company policy required tighter control of its cyber-identity credentials. This is the opinion of several IT security leaders associated with the pharmaceutical industry.
Initial reports indicate that the attack on Anthem's database was made using the stolen user name and password of one of the company's senior administrators.
"If the company used two factor identity credentials that require identity verification, the credential would not have been vulnerable to theft, and this attack may not have happened," says Gary Secrest, Chief Technology Officer of SAFE-BioPharma, the non-profit pharmaceutical industry coalition that manages the global SAFE-BioPharma® identity management standard. Secrest led development of identity management systems at the National Security Agency before organizing global IT security for Johnson & Johnson.
"Industries that collect and house confidential data must actively manage and control access to that data," explains Peter Hesse, Chairman of the Technology Working Group of SAFE-BioPharma and Chief Security Officer at 10Pearls, a software application development company that focuses on secure mobile enterprise systems.
The pharmaceutical industry supports standardized identity credentials that are closely linked to their users' proven identity. Their use requires multi-factor authentication such as encrypted passwords and secured software that defines each identity credential.
"We believe that secure identity management policies and procedures can be effective deterrents against raids such as the one on Anthem," says Peter Alterman, PhD, Chief Operating Officer, SAFE-BioPharma Association and former senior advisor to the CIO of National Institutes of Health.
In use for a decade, the SAFE-BioPharma standard allows for the creation and use of a single digital identification credential that is trusted across multiple industries, by all U.S. government agencies, and elsewhere. The standard was developed by the biopharmaceutical industry, with participation from the Food and Drug Administration, and the European Medicines Agency.
For more information on the SAFE-BioPharma standard for digital identity and digital signatures used in life science and healthcare settings, visit http://www.safe-biopharma.org.
SAFE-BioPharma® is a trademark of SAFE-BioPharma Association. Any use of this trademark requires approval from SAFE-BioPharma Association