"State Regulators Reach Settlement With Anthem for Cyber Breach"

December 16, 2016

The National Association of Insurance Commissioners (NAIC) announced that 18 states have reached a settlement with the health insurance company Anthem, Inc. over a February 2015 data breach. Indiana Insurance Commissioner Stephen Robertson, Anthem’s domestic regulator, stated in the press release, “As Anthem’s domestic regulator, we reacted promptly to safeguard consumers, and especially minors, while ensuring steps were taken immediately to mitigate the breach. The Indiana Department opened the investigation, and through the collaboration and support of many states we arrived at a fair and comprehensive settlement.”

The press release notes, “Anthem is one of the nation’s largest health insurance companies and conducts business in all 50 states and the District of Columbia. The targeted multistate market conduct and financial examination sought to assess Anthem’s state of cybersecurity preparedness before the data breach, its response, the adequacy of measures taken to mitigate harm to affected consumers and to determine the responsible actors behind the data breach.” The “settlement includes additional corrective actions including continued implementation of enhanced security measures, continuation of cybersecurity monitoring, and a specially designed credit protection program offer to minors.”