Cybersecurity

‘Mind-bending’ health insurer hack prompts new cyber concern

by Julian Hattem

The “breathtaking” and “mind-bending” theft of personal information of up to 80 million customers of the nation’s second-largest health insurance provider is reason for new focus on protecting Americans’ data, senators said on Thursday.

“These high-profile breaches are the most severe of what have become a common occurrence in our digital society,” said Sen. Jerry Moran (R-Kan.), the head of the Senate Commerce Subcommittee on Consumer Protection and Data Security.

{mosads}“The importance of this issue was brought home … just this morning, when we read about the Anthem breach, which was absolutely breathtaking in its scope and scale,” added Sen. Richard Blumenthal (D-Conn.), the panel’s ranking member.

“It is not only breathtaking, but mind-bending in its extent and potential impact and potentially heartbreaking for consumers who may have been affected,” he added.

Hackers carrying out the attack managed to walk away with Social Security numbers, addresses, names and birth dates for tens of millions of people, Anthem revealed early on Thursday. Neither credit card data nor medical information were stolen, Anthem has said. 

It is the largest healthcare breach made public.

The senators’ comments on Thursday came during a hearing to examine new legislation to better notify consumers after their information has been stolen.

Lawmakers have long worked on some type of data breach notification legislation and have received support from President Obama, among others. To date, however, Congress has yet to advance any legislation on the issue, despite the recent hacks of companies like Target and JP Morgan.

Meanwhile, dozens of states have taken action, and data breach notification laws currently exist in 47 states as well as the District of Columbia. Major companies say that leaves them to contend with a dizzying patchwork of laws.

Critics on the left have worried that any federal legislation might pre-empt and weaken the dozens of laws that currently exist at the state level. On the right, meanwhile, some advocates have worried about an overly strict law with data security standards set by the government.