Business Incident Analysis Essay Example

Incident Management and Communication Strategies

This paper addresses a business incident that occurred in 2015 and whose effects extended into 2016. It considers Anthem Inc., an insurance company. It highlights the measures the company has applied since the breach occurred in order to retain its customers, along with a number of consequences resulting from this massive breach (Bartolini et al. 2006). It also outlines how the company detected the attack and how it responded.

Anthem Inc. was among the largest health insurance companies in America. It had registered as many as 80 million customers by the year 2015. However, the company’s account information was stolen by hackers. According to the company’s spokesperson, hackers gained access to the company’s computer system, where they reached the following customer information: names, social security numbers, email addresses, street addresses, medical IDs, and employment information, including income data (Lester, & Krejci, 2007). An investigation into the breach was conducted by the FBI, but the real attackers have never been identified. The company detected some malicious activity within its network and immediately notified the legal authorities for investigation. However, it was too late, since the attackers had already accessed relevant customer information and stolen the data (Doelitzscher, et al. 2012).

This was the first and the largest health care breach that has ever occurred. In the past, no medical institution had ever experienced such an incident. Anthem Inc. was the first medical organization to have its data stolen. After the attack, the company developed a website where its customers could get full information concerning the breach (Moynihan, 2007). The established website was The members could also call management on a toll-free number and ask relevant questions concerning the breach. The number provided to the members was 877-263-7995. After discovering the attack, the company notified the FBI in order to get the incident investigated (Blyth, 2009). The company notified the FBI immediately after it noticed suspicious network behavior.

Customers were also directed that, if their information was stolen, they were to report immediately to the FBI’s Internet Crime Complaint Center via the website (Freiling, & Schwittay, 2007). The quick decision to notify the FBI was very important, since hackers can easily and quickly tamper with information and evidence that could help identify the individuals responsible for the intrusion.

To regain its customers’ confidence, the company reassured them that it would provide identity protection services to all its members (Attridge, & VandePol, 2010). The company arranged for customers’ identities to be protected for two years at no charge. This would be done via AllclearID protect (Krebs, 2008). However, some customers responded negatively to the company’s attempt to protect their identity at no cost. Some customers argued that lifting the charges was just a way of blackmailing them.

Since the time of the attack, the FBI has been investigating it, but as of 2016 the attacker had not been identified (Atkins et al. 2014). In 2016, the company’s spokesperson said that there was no evidence that the data stolen from the company had been used fraudulently, shared, or sold. Some preliminary reports, however, linked the Anthem attack to Chinese hackers (Edvardsson et al. 2014). However, there was no justifiable evidence, and therefore the FBI could not rely on the report. To secure its data for the future, the company hired Mandiant, a cyber-security firm that operates under a contractual obligation.

The Better Business Bureau (BBB) advised the victims to take the following measures to secure their Personal Identifying Information (PII). A social security number stolen by hackers can be harmful and disadvantageous to the victim (Blake et al. 2008). The victims were therefore advised to avoid a wait-and-see approach and to report quickly to the local authority, because damage associated with a social security number is not easily repaired. They were also advised to freeze their credit report: with a freeze in place, hackers are blocked from creating a fraudulent account based on the victim’s PII (Guenthner, 2012). A freeze would, however, have no impact on existing financial accounts and credit cards.

Customers who were certain that their social security number had been stolen were advised to put a fraud alert in place, even though it would be less effective than freezing the account. The victims were also to keep checking their credit report. The regular credit report checking was to be done in the Here the victim would identify any unusual or unauthorized transaction.

The massive breach had many negative impacts. To start with, the victims are likely to experience identity theft. This would affect the victims since the attacker would use their PII to acquire credit and for financial gain (Bryman, & Bell, 2015). If the data is not retained or the hacker is not identified, the victims are likely to suffer throughout their lives. Secondly, the company will also be affected in that its reputation will be damaged. Due to the breach, Anthem Inc.’s customers lost their confidence in the company (Ahmad, Hadgkiss, & Ruighaver, 2012). This may negatively affect the company, since no potential customer will be attracted to the organization after the massive breach. Existing customers will also lose confidence and opt to get better services from other providers.

The other impact of the breach is theft. Following the breach, the company lost crucial data about its customers. Anthem Inc.’s network was accessed by unknown hackers, who stole the information of about 80 million people (Young, 2007). Having lost this data, the company may not be in a position to deliver services to its customers, since it lacks the information required for smooth service delivery. The theft of the data affected the company negatively (Feltus, et al. 2007).

Revenue loss is another negative impact of the breach on Anthem Inc. The hackers were able to access the company’s website and make major changes in the system. The company had to spend a lot of money on the investigation process. Money spent on funding investigations and on setting further strategies to maintain customers’ confidence should have been used for development purposes (Crane, & Matten, 2016).

Communication strategies that the company applied

Watch Reactions

After the breach, the company has been involved in field research on how to handle the challenge. Aiming to regain the trust of its customers, the company has been in the field identifying customers’ views and reacting to their responses. In collecting the data, it has been conducting media surveys, which have enabled it to take appropriate measures. The company applies such strategies to ensure that such a challenge will not occur again (Blake, et al. 2010). Other companies are also to learn from the Anthem attack and apply appropriate measures to secure their data. The strategy will be useful in breach response, where the company will develop an improved breach response plan. The plan is meant to detect any form of data breach quickly, before the hackers hide their identity and destroy the evidence. It aims to reduce the harm associated with a data breach (Guo, & Wang, 2009).


Developments in technology have made holding meetings easy and timely. The company has been involving its staff and stakeholders in developing the response plan through teleconferencing and video conferencing. The response plan is designed so that the legal authority is notified as soon as possible when an attack is detected. Notifying the legal authority will ensure that the attack is contained immediately (Rotvold, 2008). Once the legal authority is notified, the relevant measures will be taken and an investigation will commence immediately. If the hackers are identified, they will face the law, since this is a criminal act.

The company has also developed a data tracking system. This is a system that monitors data movement within the organization’s network. The tracking system is installed in order to block any unintended use of customers’ information (Schneider et al. 2012). It is also meant to trace any attempt by the hackers to register or apply for credit services or financial advantages using the stolen customer data.

Enroll an observer strategy

Anthem Inc. has also developed a strategy to monitor data leakage. The security team will be responsible for regular checks on the network, ensuring full control of the company’s network (Wang et al. 2005). Regular data checking by the security team will help detect whether any private data has been displayed on the internet for the general public to view. If this occurs, immediate measures are to be taken to contain the situation before attackers are able to steal the data (Yin, Yang, & Wang, 2010). The security team, an external firm, is mandated to advise the company on areas where data leakage is likely to occur. As an external observer, the Mandiant security firm will be in a position to identify the loopholes within the organization.

The company has also automated its security: the introduction of a strong automated security system will reduce the risk of hackers accessing sensitive information (Doelitzscher et al. 2011). The system is designed to check the firewall configuration, servers, and passwords on a regular basis. This will ensure that the network cannot easily be hacked without the attack being detected.

Mass media communication strategy

The company has to keep its members updated on the progress it has made in ensuring that customers’ PII is safe. It is not easy to reach all the members one on one. The company therefore had to reach its members through print media, national television, and radio. In communicating through the press, the company outlined, in summary, the following information to its members: according to the company’s investigation, the hackers were not in a position to access customers’ confidential information such as diagnoses. The company has also indicated that its customers should not worry, since the present investigation and reports have shown that none of the customers’ information has been misused (Ferreira, & Silva, 2008). In addition, the company has developed a program for enrolling the victims of the breach in an identity repair service. Those affected will be directed on how to enroll in credit monitoring, which is free of charge (Bandara, Rosemann, & Cornes, 2005). The impacted members will be reached and notified via mail.

Media Interviews

Since the attack on the company dominated media coverage, customers needed better clarification of how their data had been stolen. They also wanted to know how the company had responded to the challenge and what measures it had taken to curb such a massive breach. In response, the company, through its spokesperson, highlighted that it had reported the attack to the FBI immediately after detecting it and that it has been cooperating with the FBI in the investigation. The company also retained the Mandiant security firm, the world’s leading cyber security firm. This firm will help the company in responding to the incident as well as in assessing the services (Li et al. 2014).

In conclusion, the breach of the company left millions of people affected. The breach led to the loss of personal identity information, which is very crucial. The following information was stolen: customers’ names, social security numbers, email addresses, street addresses, medical IDs, and employment information. The company was able to put together an investigation team, which has been investigating the attackers (Hertenstein, 2010).

In response to the breach, the company has developed corrective measures to ensure that such a massive breach does not recur. These remediation measures include breach response, development of a stronger data tracking system, and automated security (Collis, & Hussey, 2013). These measures are meant to ensure that the company will not experience such a big loss in the future.

The victims have been guided by the BBB to take appropriate measures in response to the breach. The recommended responses include freezing their credit report, reporting to the local legal authority, and placing a fraud alert. These measures will help the victims secure their identity and their financial accounts.

It is recommended that all businesses secure their data. Attackers are likely to steal relevant information, and this may contribute to the failure of the business. All businesses, whether small or large, should ensure that they are safe from attackers, because they are otherwise likely to lose their existing customers and also their potential customers (Gâteau, Khadraoui, & Feltus, 2009). The following are the major causes of breaches. Budget constraints: if the business does not have enough resources to keep the network system updated, hackers are likely to attack and hack the business’s network.

Inadequately skilled personnel: it is important that all workers are made aware of the danger of hacking. This will ensure that the individuals handling sensitive information are careful and maintain a high level of confidentiality (Bartolini et al. 2008). Only authorized personnel should have access to crucial information. Incompatible systems: if a business operates on an incompatible system, hackers are likely to crack it and access crucial information. This may lead to a big loss for the company.

Links used


Ahmad, A., Hadgkiss, J. and Ruighaver, A.B., 2012. Incident response teams–Challenges in supporting the organisational security function. Computers & Security, 31(5), pp.643-652.

Atkins, M.G., Carey, J.E., Markland, M.W. and Sanders, P.J., International Business Machines Corporation, 2014. Administering incident pools for event and alert analysis. U.S. Patent 8,898,299.

Attridge, M. and VandePol, B., 2010. The business case for workplace critical incident response: A literature review and some employer examples. Journal of Workplace Behavioral Health, 25(2), pp.132-145.

Bandara, W., Rosemann, M. and Cornes, J., 2005. Business process redesign in information technology incident management: A teaching case.

Bartolini, C., Sallé, M. and Trastour, D., 2006, April. IT service management driven by business objectives: An application to incident management. In Network Operations and Management Symposium, 2006. NOMS 2006. 10th IEEE/IFIP (pp. 45-55). IEEE.

Bartolini, C., Stefanelli, C. and Tortonesi, M., 2008. SYMIAN: A simulation tool for the optimization of the IT incident management process. Managing Large-Scale Service Deployment, pp.83-94.

Blake, K.W., Converse, V.K., Edmark, R.O.N. and Garrison, J.M., International Business Machines Corporation, 2008. Method and system for morphing honeypot with computer security incident correlation. U.S. Patent 7,412,723.

Blake, K.W., Converse, V.K., Edmark, R.O.N. and Garrison, J.M., International Business Machines Corporation, 2010. Method and system for morphing honeypot with computer security incident correlation. U.S. Patent 7,694,339.

Blyth, M., 2009. Business continuity management: building an effective incident management plan. John Wiley & Sons.

Bryman, A. and Bell, E., 2015. Business research methods. Oxford University Press, USA.

Collis, J. and Hussey, R., 2013. Business research: A practical guide for undergraduate and postgraduate students. Palgrave Macmillan.

Crane, A. and Matten, D., 2016. Business ethics: Managing corporate citizenship and sustainability in the age of globalization. Oxford University Press.

Doelitzscher, F., Reich, C., Knahl, M. and Clarke, N., 2011, November. An autonomous agent based incident detection system for cloud environments. In Cloud Computing Technology and Science (CloudCom), 2011 IEEE Third International Conference on (pp. 197-204). IEEE.

Doelitzscher, F., Reich, C., Knahl, M., Passfall, A. and Clarke, N., 2012. An agent based business aware incident detection system for cloud environments. Journal of Cloud Computing: Advances, Systems and Applications, 1(1), p.9.

Edvardsson, B., Kowalkowski, C., Strandvik, T. and Voima, P., 2014. Negative critical waves in business relationships: an extension of the critical incident perspective. Journal of Business & Industrial Marketing, 29(4), pp.284-294.

Feltus, C., Khadraoui, D., De Rémont, B. and Rifaut, A., 2007. Business governance based policy regulation for security incident response. Crisis, 7.

Ferreira, D.R. and Da Silva, M.M., 2008, April. Using process mining for ITIL assessment: a case study with incident management. In Proceedings of the 13th Annual UKAIS Conference, Bournemouth University.

Freiling, F. and Schwittay, B., 2007. A common process model for incident response and digital forensics. Proceedings of the IMF2007.

Gâteau, B., Khadraoui, D. and Feltus, C., 2009, June. Multi-agents system service based platform in telecommunication security incident reaction. In Information Infrastructure Symposium, 2009. GIIS’09. Global (pp. 1-6). IEEE.

Guenthner, D., 2012. Emergency and crisis management: Critical incident stress management for first responders and business organisations. Journal of Business Continuity & Emergency Planning, 5(4), pp.298-315.

Guo, W. and Wang, Y., 2009, December. An incident management model for SaaS application in the IT organization. In Research Challenges in Computer Science, 2009. ICRCCS’09. International Conference on (pp. 137-140). IEEE.

Hertenstein, D., International Business Machines Corporation, 2010. Third party verification of insurable incident claim submission. U.S. Patent Application 12/961,699.

Krebs, B., 2008. Cyber incident blamed for nuclear power plant shutdown. Washington Post, June 5, p.2008.

Lester, W. and Krejci, D., 2007. Business “Not” as usual: The national incident management system, federalism, and leadership. Public Administration Review, 67(s1), pp.84-93.

Li, T.H., Liu, R., Sukaviriya, N., Li, Y., Yang, J., Sandin, M. and Lee, J., 2014, June. Incident ticket analytics for it application management services. In Services Computing (SCC), 2014 IEEE International Conference on (pp. 568-574). IEEE.

Moynihan, D.P., 2007. From Forest Fires to Hurricane Katrina: Case Studies of Incident Command Systems. Washington: IBM Center for the Business of Government.

Rotvold, G., 2008. How to create a security culture in your organization: A recent study reveals the importance of assessment, incident response procedures, and social engineering testing in improving security awareness programs. Information Management Journal, 42(6), pp.32-38.

Schneider, T., Sattler, J. and Haeberle, T., Sap Ag, 2012. Incident simulation support environment and business objects associated with the incident. U.S. Patent 8,234,633.

Wang, W., Chen, H. and Bell, M.C., 2005. A Review of Traffic Incident Duration Analysis [J]. Communication and Transportation Systems Engineering and Information, 3, p.022.

Yin, C.Y., Yang, X. and Wang, Y., 2010. Study on Customer-to-Customer Interaction in Service Encounter: Based on Critical Incident Technique [J]. Forecasting, 1, p.002.

Young, J.R., 2007. Cheating incident involving 34 students at Duke is business school’s biggest ever. Chronicle of Higher Education, 53(36), p.45.