The National Association of Insurance Commissioners has asked each state insurance department to examine how the massive data breach at Indianapolis-based Anthem is affecting consumers.
The NAIC, which establishes guidelines for state-based insurance regulators, said it expects all U.S. states and territories will pitch in. The insurance departments in California, Indiana, Missouri and other states where Anthem has a large presence will likely coordinate the effort. California Insurance Commissioner Dave Jones started monitoring Anthem's response to the breach immediately after it was announced.
“We are in agreement that an immediate and comprehensive review of the company's security must be a priority to ensure protection of consumers who are covered by Anthem,” Monica Lindeen, the NAIC's president and Montana's insurance chief, said in a news release.
Anthem, the second-largest health insurer in the country by market capitalization, said last week that hackers unleashed a “sophisticated” attack on one of its information technology systems. The personal data of up to 80 million people was exposed, although the insurer maintains that medical and credit card information was not targeted.
The NAIC's probe comes months after the group created a task force focused on cybersecurity issues. Although the task force is still in its infancy, one of its goals is to help insurance departments understand and make recommendations on how insurers are storing consumer data.
“The threat of a cyberattack is very real, and state regulators are committed to developing the tools we need to ensure effective regulation in this area,” Adam Hamm, NAIC's former president, said in November when the task force was created.
The NAIC did not give a timeline for the Anthem probe and did not say what would ultimately come from the review.
Experts predict the data hack will not immediately damage Anthem's financials or spur other healthcare organizations to beef up IT and data security spending. Anthem's stock was trading around $135 per share Monday morning, about 1.5% lower than it was just before the company announced the breach last week.
Follow Bob Herman on Twitter: @MHbherman