Insurance Regulators To Investigate Anthem Data Breach; First Lawsuits Filed Related To The Hack

USA Today: First Lawsuits Launched In Anthem Hack
The first lawsuits in the Anthem hack, the nation's largest health care breach to date, have been filed. At least four have been launched so far, in Indiana, California, Alabama and Georgia. The suits allege that Anthem did not take adequate and reasonable measures to ensure its data systems were protected and that the 80 million Anthem customers whose information may have been affected could be harmed. (Weise, 2/8)

The Wall Street Journal: Insurance Regulators To Investigate Recent Data Breach At Anthem
Insurance regulators will launch a national investigation into the recent data breach at Anthem Inc., adding a new layer of scrutiny for the company as it contends with the fallout from a hacker incursion that the company said likely exposed personal information of tens of millions of consumers. The National Association of Insurance Commissioners, a group representing state regulators, announced the probe Friday. In a statement, the president of the group, Monica Lindeen, said its members agreed “that an immediate and comprehensive review of the company’s security must be a priority to ensure protection of consumers who are covered by Anthem.” (Wilde Mathews, 2/6)

The New York Times: Data Breach At Anthem May Lead To Others
After an online attack on Anthem, by far the largest breach in the industry, security experts warned on Friday that more attacks on health care organizations were likely because of the high value of the data on the black market. ... Medical identity theft has become a booming business, according to security experts, who warn that other health care companies are likely to be targeted as a result of the hackers’ success in penetrating Anthem’s computer systems. Hackers often try one company to test their methods before moving on to others, and criminals are becoming increasingly creative in their use of medical information, experts say. (Abelson and Creswell, 2/6)

The Associated Press: Anthem: Hackers Compromised 5 Workers' Credentials, May Have Been In Network Since December
The hackers who stole millions of health insurance records from Anthem Inc. commandeered the credentials of five different employees while seeking to penetrate the company's computer network — and they may have been inside the system since December. (Bailey, 2/7)

The Associated Press: No Encryption Standard Raises Health Care Privacy Questions
Insurers aren't required to encrypt consumers' data under a 1990s federal law that remains the foundation for health care privacy in the Internet age — an omission that seems striking in light of the major cyberattack against Anthem. Encryption uses mathematical formulas to scramble data, converting sensitive details coveted by intruders into gibberish. Anthem, the second-largest U.S. health insurer, has said the data stolen from a company database that stored information on 80 million people was not encrypted. (Alonso-Zaldivar, 2/7)

The St. Louis Post-Dispatch: After Breach, Anthem Warns Customers To Avoid Scams
After one of the biggest thefts of medical-related customer data in U.S. history, Anthem Inc. warned consumers Friday against email and phone scams seeking to take advantage of the breach. The Indianapolis-based health insurer says “phishing” scams are targeting Anthem customers to get personal information using the breach as a pretense. The company also said consumers should be aware of phone calls about the cyber attack that ask people for credit card or Social Security numbers. (Shapiro, 2/6)

The Wall Street Journal: Debate Deepens Over Response To Cyberattacks
Several large-scale cyberattacks in recent months have prompted a number of lawmakers and policy makers to call for a more forceful response, including suggestions that the U.S. engage in counterattacks that would disable or limit the culprits’ own networks. ... Noteworthy cyberattacks in recent months have forced policy makers to rethink their approach. Late last year, the White House alleged that North Korea stole large amounts of data from Sony Pictures Entertainment Inc. Also, the recent theft of personal information from tens of millions of Anthem Inc. ’s health-insurance customers may have originated in China, the company has suggested, though law-enforcement officials continue to investigate the breach. (Paletta and Nissenbaum, 2/8)