While not as far-reaching as the recent data breaches at Target and Home Depot, or even the massive one at Anthem, the CareFirst breach struck a different chord. The Anthem breach earlier this year taught us that for consumers, health care breaches are scarier and more personal than the others.
Why? It is a whole new level of information that is being compromised. Due to the nature of the system, if consumers want health care, they must trust providers like CareFirst and Anthem to hold and protect their most sacred information. It was even worse for Anthem, which also compromised data from former members and members of private insurance companies for whom Anthem managed paperwork – who didn't even know they were trusting Anthem with this information.
But at the end of the day, this latest breach – just like Anthem's – was probably preventable. Or, if it wasn't preventable for CareFirst or Anthem, it could be for your company.
If there is one good takeaway from the breaches thus far this year, it's that they can serve as a wake-up call for companies managing a significant amount of employee data. Large companies all have similar information to CareFirst, via their HR departments: Social Security numbers, medical background, addresses and more. What is shocking is that many of these global companies are still storing, updating, and sharing all of this information within the HR department in manual-based reporting documents such as Excel spreadsheets.
The risks for conducting operations this way are innumerable, but here are some of the most critical ones:
- Security limitations – Spreadsheets are open by nature. They're not encrypted and are incredibly vulnerable to outside access, especially when you have many people in an HR department who need to consistently open, edit, and share these documents. And they're not just sharing them internally – most large companies are sending these spreadsheets to multiple providers in different countries via email, with this personal information as an attachment. So, there's an added risk that the information is sent to the wrong person or is hacked en route to its intended destination.
- Unauthorized access – When you're collaborating on manual spreadsheets, it's easy for an unauthorized person to get copied into the conversation or otherwise inadvertently sent a document that should require a passcode to view.
In addition to security risks, spreadsheets pose a threat to the validity of employees' personal information:
- Typing errors – Nearly 90 percent of spreadsheets contain errors that range from minor to severe, according to recent studies like this one – primarily because companies rely on manual data entry and customized formulas. When you're talking about personal information from thousands of employees, this is an unacceptable rate.
- Versioning mistakes – Global companies typically have an HR department or representative in several different regions around the world. This can easily lead to people working from the wrong document, updating it with irrelevant information, and more. The chances of this happening are only increasing with trends like BYOD, where employees might open a third party document to edit something on their own device.
Many companies are moving away from these manual processes for their American employees. They also have prepared backup plans and other security measures in the case of a breach. However, the waters are a bit murkier when you look at the global picture.
These U.S.-based companies should also make sure that they are addressing these issues head-on for their international employees. All companies with an international employee base – whether their headquarters are in the United States or not – need to be thinking about a plan for tightening control on the data their employees rely on being kept safe. The security risks for data breaches are only getting higher. Companies need to come up with a plan before they're on the defensive.
Chris Bruce is co-founder and managing director of Thomsons Online Benefits.