Anthem Breach Prompts New York To Conduct Cybersecurity Reviews Of All Insurers

Meanwhile, Anthem victims are now being harassed by scammers trying to collect even more personal information.

In response to the data breach at healthcare insurance provider
Anthem
last week, New Yorks Department of Financial Services (DFS)
announced today
that it will integrate regular, targeted assessments of cyber security preparedness at insurance companies as part of the departments examination process. The Department also plans to issue enhanced regulations to insurance companies based in New York, but has not yet solidified what those enhancements will be.
Encryption and multi-factor authentication may be on that list. Healthcare insurers are already subject to the Gramm-Leach-Bliley Act (GLBA) and the Health Insurance Portability and Accountability Act (HIPAA), each of which have requirements about privacy and security, but neither of which explicitly require encryption of all personally identifiable information. HIPAAs focus is on medical data, not identity and employment data like that stolen from Anthem.
An Anthem executive
confessed to the
New York Times
Thursday that Anthem had not encrypted the database containing non-medical data, and that it was not required by HIPAA to do so.
The New York DFS today released results of a
survey
of insurers, outlining some of their cybersecurity practices. In that report, 100 percent of health insurers surveyed said they used encryption for data both in transit and in storage. However, it does not specify the nature or number of files that are encrypted and those that are not.
DFS also discovered that the largest organizations did not necessarily have the best cybersecurity. From the report:
Notably, the Department’s analysis of the insurers surveyed found that a wide array of factors – not just reported assets – affect the sophistication and comprehensiveness of the insurers’ cyber security programs. Those factors include reported assets, transactional frequency, the variety of business lines (insurance and non-insurance) written, and the sales and marketing technologies associated with those lines.
In other words, although it may be expected that the largest insurers would have the most robust and sophisticated cyber defenses, the Department did not necessarily find that to be the case.
DFS also indicated that it was considering the risks of third-party security breaches, stating that it was exploring stronger measures related to the representations and warranties insurance companies receive from third-party vendors.
Meanwhile, individuals whose personal information was exposed in the Anthem breach are now falling prey to scammers.
Anthem warned customers today
about scammers contacting breach victims via email or phone, posing as Anthem representatives, and soliciting even more personal data. Anthem stated that theres no evidence that those conducting the scams are the same ones who carried out the breach.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Anthem Breach Prompts New York To Conduct Cybersecurity Reviews Of All Insurers