Dive Brief:
- The National Association of Insurance Commissioners announced Friday that it is calling for swift action to perform a multi-state review of data security at Anthem, Inc. in light of the recent breach impacting 80 million members.
- Due to the scope of the breach, the NAIC says it expects all of the US states and territories to participate in the examinations, which will include all of Anthem's impacted subsidiaries and affiliates. The group calls out the states of Indiana, California, Missouri, Maine and New Hampshire as having very significant Anthem business.
- NAIC plans to provide resources to support state insurance departments during the review process, including oversight by the NAIC Cybersecurity Task Force.
Dive Insight:
The NAIC states that part of the process will include updating best practices and determining whether regulatory action is warranted in the case of Anthem's breach. Certainly, the industry will be watching to see the ultimate fallout for Anthem and what, if any, lessons are learned or standards are impacted.
"Since the news broke, regulators have been working together and have been in discussion with Anthem executives,” said Monica Lindeen, NAIC President and Montana Commissioner of Securities and Insurance, in a press release. “We are in agreement that an immediate and comprehensive review of the company's security must be a priority to ensure protection of consumers who are covered by Anthem."