The paper 'Incident Management and Communication Strategies - Anthem Inc" is a good example of a management case study. The paper will address a business incident that occurred in 2015 and the effect extended to 2016. The paper will consider Anthem Inc. which is an insurance company. It will also highlight various measures that the company has applied since the breach occurred in order to maintain the customer. The paper will also highlight a number of consequences resulting from this massive breach (Bartolini et al. 2006). This paper will also outline the ways in which the company was able to detect the attack and its response. Anthem Inc.
was among the largest health insurance company in America. It had registered as many customers as 80 million by the year 2015. However, the company’ s account information was stolen by hackers. According to the spokesperson of the company, hackers were able to get access the company’ s computer system where they reached the following customers’ information; names of the customers, their social security numbers, email addresses, street addresses, their medical IDs, and the customers’ employment information which includes their income data (Lester, & Krejci, 2007).
Investigation over the breach was been conducted by the FBI, but the real attackers have never been identified. The company was able to detect some malicious activities within their network and immediately notified the legal authorities for investigation. However, it was too late for them since attackers had already accessed relevant customers’ information and they had already stolen their data (Doelitzscher, et al. 2012). This was the first and largest health care breach that has ever occurred. In the past, no medical institution has ever experienced such an incident.
Anthem Inc. was the first medical organization to have their data stolen. After the attack, the company developed a website where its customers, could get full information concerning the breach (Moynihan, 2007). The established website was www. anthemfacts. com. The members were also to call and ask a relevant question concerning the breach to the management via a toll-free number. The number provided to the members was 877-263-7995. After discovering the attack by the hackers, the company notified the FBI in order to get the incident investigated (Blyth, 2009).
The company notified the FBI immediately after they realized some suspicious network behaviors. The customers were also directed that in case their information was stolen they were to report immediately to the FBI’ s Internet crime complainant center via the website www. ic3.gov (Freiling, & Schwittay, 2007). The quick response to notify the FBI was very important since hackers can easily and quickly interfere with useful information and evidence that can be useful to identify individuals who are responsible for the intrusion. In order to regain the customer’ s confidence, the company reassured its customers that, it would provide identity protection services to all its members (Attridge, & VandePol, 2010).
The company made an arrangement that the customer’ s identity would be protected for two years without charging them. This would be done via AllclearID protect (Krebs, 2008). However, some customers negatively responded to the attempt of the company to protect their identity at no cost. Some customers argued that lifting the charges was just a way of blackmailing them.
Ahmad, A., Hadgkiss, J. and Ruighaver, A.B., 2012. Incident response teams–Challenges in supporting the organisational security function. Computers & Security, 31(5), pp.643-652.
Atkins, M.G., Carey, J.E., Markland, M.W. and Sanders, P.J., International Business Machines Corporation, 2014. Administering incident pools for event and alert analysis. U.S. Patent 8,898,299.
Attridge, M. and VandePol, B., 2010. The business case for workplace critical incident response: A literature review and some employer examples. Journal of Workplace Behavioral Health, 25(2), pp.132-145.
Bandara, W., Rosemann, M. and Cornes, J., 2005. Business process redesign in information technology incident management: A teaching case.
Bartolini, C., Sallé, M. and Trastour, D., 2006, April. IT service management driven by business objectives An application to incident management. In Network Operations and Management Symposium, 2006. NOMS 2006. 10th IEEE/IFIP (pp. 45-55). IEEE.
Bartolini, C., Stefanelli, C. and Tortonesi, M., 2008. SYMIAN: A simulation tool for the optimization of the IT incident management process. Managing Large-Scale Service Deployment, pp.83-94.
Blake, K.W., Converse, V.K., Edmark, R.O.N. and Garrison, J.M., International Business Machines Corporation, 2008. Method and system for morphing honeypot with computer security incident correlation. U.S. Patent 7,412,723.
Blake, K.W., Converse, V.K., Edmark, R.O.N. and Garrison, J.M., International Business Machines Corporation, 2010. Method and system for morphing honeypot with computer security incident correlation. U.S. Patent 7,694,339.
Blyth, M., 2009. Business continuity management: building an effective incident management plan. John Wiley & Sons.
Bryman, A. and Bell, E., 2015. Business research methods. Oxford University Press, USA.
Collis, J. and Hussey, R., 2013. Business research: A practical guide for undergraduate and postgraduate students. Palgrave macmillan.
Crane, A. and Matten, D., 2016. Business ethics: Managing corporate citizenship and sustainability in the age of globalization. Oxford University Press.
Doelitzscher, F., Reich, C., Knahl, M. and Clarke, N., 2011, November. An autonomous agent based incident detection system for cloud environments. In Cloud Computing Technology and Science (CloudCom), 2011 IEEE Third International Conference on (pp. 197-204). IEEE.
Doelitzscher, F., Reich, C., Knahl, M., Passfall, A. and Clarke, N., 2012. An agent based business aware incident detection system for cloud environments. Journal of Cloud Computing: Advances, Systems and Applications, 1(1), p.9.
Edvardsson, B., Kowalkowski, C., Strandvik, T. and Voima, P., 2014. Negative critical waves in business relationships: an extension of the critical incident perspective. journal of business & industrial marketing, 29(4), pp.284-294.
Feltus, C., Khadraoui, D., De Rémont, B. and Rifaut, A., 2007. Business governance based policy regulation for security incident response. Crisis, 7.
Ferreira, D.R. and Da Silva, M.M., 2008, April. Using process mining for ITIL assessment: a case study with incident management. In Proceedings of the 13th Annual UKAIS Conference, Bournemouth University.
Freiling, F. and Schwittay, B., 2007. A common process model for incident response and digital forensics. Proceedings of the IMF2007.
Gâteau, B., Khadraoui, D. and Feltus, C., 2009, June. Multi-agents system service based platform in telecommunication security incident reaction. In Information Infrastructure Symposium, 2009. GIIS'09. Global (pp. 1-6). IEEE.
Guenthner, D., 2012. Emergency and crisis management: Critical incident stress management for first responders and business organisations. Journal of business continuity & emergency planning, 5(4), pp.298-315.
Guo, W. and Wang, Y., 2009, December. An incident management model for SaaS application in the IT organization. In Research Challenges in Computer Science, 2009. ICRCCS'09. International Conference on (pp. 137-140). IEEE.
Hertenstein, D., International Business Machines Corporation, 2010. Third party verification of insurable incident claim submission. U.S. Patent Application 12/961,699.
Krebs, B., 2008. Cyber incident blamed for nuclear power plant shutdown. Washington Post, June, 5, p.2008.
Lester, W. and Krejci, D., 2007. Business “Not” as usual: The national incident management system, federalism, and leadership. Public Administration Review, 67(s1), pp.84-93.
Li, T.H., Liu, R., Sukaviriya, N., Li, Y., Yang, J., Sandin, M. and Lee, J., 2014, June. Incident ticket analytics for it application management services. In Services Computing (SCC), 2014 IEEE International Conference on (pp. 568-574). IEEE.
Moynihan, D.P., 2007. From Forest Fires to Hurrican Katrina: Case Studies of Incident Command Systems. Washington: IBM Center for the Business of Government.s
Rotvold, G., 2008. How to create a security culture in your organization: A recent study reveals the importance of assessment, incident response procedures, and social engineering testing in improving security awareness programs. Information Management Journal, 42(6), pp.32-38.
Schneider, T., Sattler, J. and Haeberle, T., Sap Ag, 2012. Incident simulation support environment and business objects associated with the incident. U.S. Patent 8,234,633.
Wang, W., Chen, H. and Bell, M.C., 2005. A Review of Traffic Incident Duration Analysis [J]. Communication and Transportati0n Systems Engineering and Information, 3, p.022.
YIN, C.Y., YANG, X. and WANG, Y., 2010. Study on Customer-to-Customer Interaction in Service Encounter: Based on Critical Incident Technique [J]. Forecasting, 1, p.002.
Young, J.R., 2007. Cheating incident involving 34 students at Duke is business school's biggest ever. Chronicle of Higher Education, 53(36), p.45.