> A recent theft involving Anthem is a perfect illustration. Tens of millions of patient records were compromised, all were stored in a centralized database, none were encrypted, and no one has been caught.<p>This is such BS on Anthem's part. Our company works with Blue Cross payers (insurance) and 1) we are required to remain HIPAA compliant and 2) our clients almost always include provisions on additional encryption, monitoring, logging, security, etc.<p>As a smaller startup with far fewer resources than these large companies, it's really insulting when they can do something as simple as provide data encryption and no store plain-text passwords.