Table 2

Summary of insights

ConceptAnthemEquifaxCitrix
Stakeholders
  • Customers

  • Customers

  • Employees

  • Employees

  • Employees

  • Regulatory Bodies

  • Regulatory Bodies

Recovery areas
Customer recoveryFree credit monitoring or cash
  • Free credit monitoring

None that are apparent: Customers were not affected on the data breach
  • Credit lock and reports

  • Identity theft insurance

  • SSN scanning on dark web

Employee recoveryDetails on specific employee recovery activities were not found in the case, however, employees were also affected by the data breach as many employees' data were compromised, including the CEO at the timeChanges in organizational structure and management were caused by the data breach
  • Reimbursement for time spent addressing data breach

  • Monitoring services

  • Alternative cash payments

Process recovery
  • Implementation of two-factor authentication

  • Designate employee to oversee cybersecurity procedures

  • Commitment to enhance cybersecurity practices

  • Resetting passwords

  • Conduct annual risk assessments

  • Re-issuing ID's

  • Apply appropriate cybersecurity controls

  • Expanding security logging and monitoring capabilities

  • Improve testing and monitoring systems

  • Evaluated by third parties on cybersecurity effectiveness

Regulatory recoveryAdditional costs due to HIPAA violations and improved cybersecurity practices required for HIPAA complianceViolations of FTC Act Section 5: Unfair or Deceptive Acts or practices, as well as GLBL Act's safeguard RuleNone that are apparent: Notification actions were influenced by notification laws, but otherwise, there is little support for any recovery actions pertaining to regulations

or Create an Account

Close Modal
Close Modal