FOR IMMEDIATE RELEASE
States Combine Resources to Reach Anthem Settlement
Multistate settlement safeguards consumers
WASHINGTON, D.C. (Dec. 16, 2016) —Members of the National Association of Insurance Commissioners (NAIC) have joined a settlement with Anthem, Inc. reaching the required threshold of participating jurisdictions. Eighteen states — including the lead states of California, Indiana, Maine, Missouri, New Hampshire, North Dakota and South Carolina — reached an agreement with Anthem in response to a data breach revealed in February 2015.
"This breach impacted an unprecedented number of insurance consumers," said John M. Huff, NAIC President and Missouri Insurance Director. "The fact that all 56 NAIC jurisdictions participated in the examination demonstrates the strength and unity of state-based insurance regulation."
Anthem is one of the nation's largest health insurance companies and conducts business in all 50 states and the District of Columbia. The targeted multistate market conduct and financial examination sought to assess Anthem's state of cybersecurity preparedness before the data breach, its response, the adequacy of measures taken to mitigate harm to affected consumers and to determine the responsible actors behind the data breach.
"As Anthem's domestic regulator, we reacted promptly to safeguard consumers and especially minors, while ensuring steps were taken immediately to mitigate the breach," said Indiana Insurance Commissioner Stephen W. Robertson. "The Indiana Department opened the investigation, and through the collaboration and support of many states we arrived at a fair and comprehensive settlement."
The settlement includes additional corrective actions including continued implementation of enhanced security measures, continuation of cybersecurity monitoring and a specially designed credit protection program offer to minors.
To address the industry's evolving risk in this area, the NAIC has taken a number of steps to enhance data security expectations across the insurance sector. The Cybersecurity (EX) Task Force has adopted the Principles for Effective Cybersecurity, a Roadmap for Consumer Cybersecurity Protections, a Report on the Cybersecurity Insurance Coverage Supplement, updated guidance for examiners regarding information technology systems and protocols and is currently working on drafting a new Insurance Data Security Model Law.