States Combine Resources to Reach Anthem Settlement
Multistate settlement safeguards consumers

WASHINGTON, D.C. (Dec. 16, 2016) —Members of the National Association of Insurance Commissioners (NAIC) have joined a settlement with Anthem, Inc. reaching the required threshold of participating jurisdictions. Eighteen states — including the lead states of California, Indiana, Maine, Missouri, New Hampshire, North Dakota and South Carolina — reached an agreement with Anthem in response to a data breach revealed in February 2015.

"This breach impacted an unprecedented number of insurance consumers," said John M. Huff, NAIC President and Missouri Insurance Director. "The fact that all 56 NAIC jurisdictions participated in the examination demonstrates the strength and unity of state-based insurance regulation."

Anthem is one of the nation's largest health insurance companies and conducts business in all 50 states and the District of Columbia. The targeted multistate market conduct and financial examination sought to assess Anthem's state of cybersecurity preparedness before the data breach, its response, the adequacy of measures taken to mitigate harm to affected consumers and to determine the responsible actors behind the data breach.

"As Anthem's domestic regulator, we reacted promptly to safeguard consumers and especially minors, while ensuring steps were taken immediately to mitigate the breach," said Indiana Insurance Commissioner Stephen W. Robertson. "The Indiana Department opened the investigation, and through the collaboration and support of many states we arrived at a fair and comprehensive settlement."

The settlement includes additional corrective actions including continued implementation of enhanced security measures, continuation of cybersecurity monitoring and a specially designed credit protection program offer to minors.

To address the industry's evolving risk in this area, the NAIC has taken a number of steps to enhance data security expectations across the insurance sector. The Cybersecurity (EX) Task Force has adopted the Principles for Effective Cybersecurity, a Roadmap for Consumer Cybersecurity Protections, a Report on the Cybersecurity Insurance Coverage Supplement, updated guidance for examiners regarding information technology systems and protocols and is currently working on drafting a new Insurance Data Security Model Law.

About the NAIC

The National Association of Insurance Commissioners (NAIC) is the U.S. standard-setting and regulatory support organization created and governed by the chief insurance regulators from the 50 states, the District of Columbia and five U.S. territories. Through the NAIC, state insurance regulators establish standards and best practices, conduct peer review, and coordinate their regulatory oversight. NAIC staff supports these efforts and represents the collective views of state regulators domestically and internationally. NAIC members, together with the central resources of the NAIC, form the national system of state-based insurance regulation in the U.S. For more information, visit

Visit the NEWSROOM for media resources, archived releases and alerts   Join Our E-mail List to receive the latest news releases and other information from the NAIC Communications Division
  RSS Feed You Tube LinkedIn Facebook Twitter  
NAIC Web Site | State Insurance Department Sites | Copyright & Reprint Info | Privacy Statement ]
©2018 National Association of Insurance Commissioners. All rights reserved.