* [Blog](https://www.paloaltonetworks.com/blog)
* [Palo Alto Networks](https://www.paloaltonetworks.com/blog/corporate/)
* [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/)
* Cyberattacks, Health Insu...

# Cyberattacks, Health Insurance, and Your Personal Data

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2015%2F02%2Fcyberattacks-health-insurance-and-your-personal-data%2F)  
[](https://twitter.com/share?text=Cyberattacks%2C+Health+Insurance%2C+and+Your+Personal+Data&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2015%2F02%2Fcyberattacks-health-insurance-and-your-personal-data%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2015%2F02%2Fcyberattacks-health-insurance-and-your-personal-data%2F&title=Cyberattacks%2C+Health+Insurance%2C+and+Your+Personal+Data&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www.paloaltonetworks.com/blog/2015/02/cyberattacks-health-insurance-and-your-personal-data/&ts=markdown)  
\[\](mailto:?subject=Cyberattacks, Health Insurance, and Your Personal Data)  
Link copied  
By [Palo Alto Networks](https://www.paloaltonetworks.com/blog/author/palo-alto-networks-staff/?ts=markdown "Posts by Palo Alto Networks")  
Feb 18, 2015  
5 minutes  
[Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown)  
[Healthcare](https://www.paloaltonetworks.com/blog/category/healthcare/?ts=markdown)  
[Threat Prevention](https://www.paloaltonetworks.com/blog/category/threat-prevention-2/?ts=markdown)  
[Vertical](https://www.paloaltonetworks.com/blog/category/vertical/?ts=markdown)  
[breaches](https://www.paloaltonetworks.com/blog/tag/breaches/?ts=markdown)  
[health insurance](https://www.paloaltonetworks.com/blog/tag/health-insurance/?ts=markdown)

When cybercriminals get your credit card information or financial data, the topic of cybersecurity hits really close to home, but the topic will never feel as personal as when hackers get to your health records and medical data.

As one of the largest breaches in the health insurance world continues to unfold in front of us, we're learning all over again why hackers are so interested in healthcare payers. Payers -- aka healthcare insurance companies -- are like a treasure chest for cybercriminals, as they handle not just your social security data, but all of your personal information including financial credentials, credit card credentials, employment and income data, personal data such as address and birthdate, SSN, medical records, and more. Basically, any bit of valuable information that hackers are able to resell on the black market. Additional exposure and risks have been brought into the mix in the U.S. because the Healthcare.gov initiative requires many healthcare companies, including insurance companies and payers, to share a lot more information with many more parties in the ecosystem.

Much has already been written about healthcare breaches, but I wanted to reiterate some of the recommendations that I believe can have the greatest impact, and share why:

1. **Gain visibility. Understand where the risks are and assess your company security posture.**

This one task alone might seem daunting and close to impossible to accomplish if you have limited resources, budget, and face a lot of inertia in your organization. This is actually where Palo Alto Networks can make the biggest difference in the shortest amount of time for customers. You can deploy one of our appliances in tap mode, with no disruption to your daily operations, and get valuable insights within a couple of days in the form of a full report on applications and malware present on your network. If you go through the exercise for all communications to servers that handle sensitive insurer data, then you will get immediate visibility into how far off you might be from a clean and secure environment.

2. **Advocate for tighter segmentation using application-level control.**

Today's reality is that many organizations still operate a network that's way too flat to protect sensitive data from advanced attacks that are able to move laterally once inside a company's network. Protecting sensitive and regulated data with tighter segmentation that is based on application white listing, a user access control model based on a least privileged model, and systematically inspecting all payloads, including that of authorized applications, will reduce risks significantly and enable security teams and advanced security tools to operate at their best.

3. **Quantify the risks and costs of a data breach to your organization.**

If part of your role is to be a security advocate inside your company, then you should immediately equip yourself with data and metrics to back up your argument on why security matters and why your company should invest more in security. With the volume of breaches in 2014, there are many surveys, published models and resources that help to evaluate what breaches cost an organization. For example, based on the [Ponemon Institute research](http://www.ponemon.org/news-2/58), in the US about $200 per stolen record was the number shared at the beginning of 2015.

4. **Do not stop educating employees about security issues.**

Awareness and training activities related to security cannot be just point-in-time activities. They need to be reinforced into everyday interactions until they become second nature. The goal here is not to create a state of paranoia, but to empower every employee to acknowledge that security is critical to the stability of the business they work for and to ensure they quickly recognize the signs that something is wrong in the network. A couple of months ago, I wrote a blog on how Palo Alto Networks brings forward tools to maintain a high degree of alertness on security that may serve as a resource in this endeavor. ("[Keeping security awareness high with your employees](https://www.paloaltonetworks.com/blog/2014/07/raise-awareness-cybersecurity-employees-making-visible/?ts=markdown)")

5. **Build connections with security peers in the healthcare and insurance industries.**

Hackers and cybercriminals have been getting more and more organized, and you should not have to fight them alone. Learn about best practices employed by your peers -- what has worked from them, what has not, how they might have responded to attacks, and more. During the industry security forums that I've attended, the volume of valuable information shared is amazing. Lagging behind your peers will only make your organization an easier target. A good place to start is the [Healthcare-ISAC](http://www.nhisac.org/) and the annual summit they organize in partnership with the SANS Institute. Also, you can consider attending [Ignite](https://www.paloaltonetworks.com/content/campaigns/ignite/2015/index.html?ts=markdown), the Palo Alto Networks user conference, where you can grow your network, and share ideas and best practices with security peers and leaders.

6. **Engage executives on your security agenda.**

Cybersecurity is no longer just an IT issue; it is a business topic. Leading companies who have stayed out of the headlines had this figured out many years ago and have invested accordingly in resources and tools to protect themselves. If you feel you've been falling behind, it's even more critical to reach to the top and get their sponsorship to challenge the security status quo. The above recommendations will make sure you're prepared with the right information and context for when you approach the C-suite about the state of security in your company and what you need to improve it.

### Additional resources

* [Palo Alto Networks for healthcare](https://www.paloaltonetworks.com/industry/healthcare?ts=markdown)
* [Follow our LinkedIn Spotlight Page for Healthcare Security](https://www.linkedin.com/company/healthcare-vertical)
* [Next-Generation Security Platform for Insurance Industry](https://www.paloaltonetworks.com/resources/techbriefs/next-gen-security-platform-insurance.html?ts=markdown)

*** ** * ** ***

## Related Blogs

### [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Reports](https://www.paloaltonetworks.com/blog/category/reports/?ts=markdown), [Threat Prevention](https://www.paloaltonetworks.com/blog/category/threat-prevention-2/?ts=markdown), [Threat Research](https://www.paloaltonetworks.com/blog/category/threat-research/?ts=markdown), [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown)

[#### Top Three Ways Organizations Were Unprepared for Cyberattacks in 2023](https://www.paloaltonetworks.com/blog/2024/11/top-three-ways-organizations-were-unprepared-for-cyberattacks-in-2023/)

### [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Threat Prevention](https://www.paloaltonetworks.com/blog/category/threat-prevention-2/?ts=markdown)

[#### GenAI in Cybersecurity --- Threats and Defenses](https://www.paloaltonetworks.com/blog/2024/10/genai-in-cybersecurity-threats-and-defenses/)

### [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown), [Threat Prevention](https://www.paloaltonetworks.com/blog/category/threat-prevention-2/?ts=markdown)

[#### Why You Need Actionable Threat Intelligence](https://www.paloaltonetworks.com/blog/2017/05/need-actionable-threat-intelligence/)

### [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown), [Threat Prevention](https://www.paloaltonetworks.com/blog/category/threat-prevention-2/?ts=markdown)

[#### The Cybersecurity Download: Ransomware](https://www.paloaltonetworks.com/blog/2016/10/the-cybersecurity-download-ransomware/)

### [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown), [Vertical](https://www.paloaltonetworks.com/blog/category/vertical/?ts=markdown)

[#### Palo Alto Networks and the Virginia Governor's Office --- Taking Cybersecurity Education to Virginia Schools](https://www.paloaltonetworks.com/blog/2015/07/palo-alto-networks-and-the-virginia-governors-office-taking-cybersecurity-education-to-virginia-schools/)

### [AI Governance](https://www.paloaltonetworks.com/blog/category/ai-governance/?ts=markdown), [AI Security](https://www.paloaltonetworks.com/blog/category/ai-security/?ts=markdown), [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown)

[#### AI, Quantum Computing and Other Emerging Risks](https://www.paloaltonetworks.com/blog/2025/10/ai-quantum-computing-emerging-risks/)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language