Summary of insights
| Concept | Anthem | Equifax | Citrix |
|---|---|---|---|
| Stakeholders |
|
|
|
|
| ||
|
| ||
| Recovery areas | |||
| Customer recovery | Free credit monitoring or cash |
| None that are apparent: Customers were not affected on the data breach |
| |||
| |||
| |||
| Employee recovery | Details on specific employee recovery activities were not found in the case, however, employees were also affected by the data breach as many employees' data were compromised, including the CEO at the time | Changes in organizational structure and management were caused by the data breach |
|
| |||
| |||
| Process recovery |
|
|
|
|
| ||
|
| ||
|
| ||
| |||
| Regulatory recovery | Additional costs due to HIPAA violations and improved cybersecurity practices required for HIPAA compliance | Violations of FTC Act Section 5: Unfair or Deceptive Acts or practices, as well as GLBL Act's safeguard Rule | None that are apparent: Notification actions were influenced by notification laws, but otherwise, there is little support for any recovery actions pertaining to regulations |
| Concept | Anthem | Equifax | Citrix |
|---|---|---|---|
| Stakeholders | Customers | Customers | Employees |
Employees | Employees | ||
Regulatory Bodies | Regulatory Bodies | ||
| Customer recovery | Free credit monitoring or cash | Free credit monitoring | None that are apparent: Customers were not affected on the data breach |
Credit lock and reports | |||
Identity theft insurance | |||
SSN scanning on dark web | |||
| Employee recovery | Details on specific employee recovery activities were not found in the case, however, employees were also affected by the data breach as many employees' data were compromised, including the CEO at the time | Changes in organizational structure and management were caused by the data breach | Reimbursement for time spent addressing data breach |
Monitoring services | |||
Alternative cash payments | |||
| Process recovery | Implementation of two-factor authentication | Designate employee to oversee cybersecurity procedures | Commitment to enhance cybersecurity practices |
Resetting passwords | Conduct annual risk assessments | ||
Re-issuing ID's | Apply appropriate cybersecurity controls | ||
Expanding security logging and monitoring capabilities | Improve testing and monitoring systems | ||
Evaluated by third parties on cybersecurity effectiveness | |||
| Regulatory recovery | Additional costs due to HIPAA violations and improved cybersecurity practices required for HIPAA compliance | Violations of FTC Act | None that are apparent: Notification actions were influenced by notification laws, but otherwise, there is little support for any recovery actions pertaining to regulations |
Sharing content requires targeting cookies to be enabled. Please update your cookie preferences to use this feature.