NYDFS Notifies Federal Regulators of New Potential Cyber Security Regulations

On November 9, 2015, the New York State Department of Financial Services (NYDFS) sent a memorandum entitled Potential New NYDFS Cyber Security Regulation Requirements to several federal and state financial services regulators, including banking, securities and insurance regulatory, administrative and supervisory  bodies.

These potential regulations are based on results of two sets of surveys of financial entities about their “cyber security programs, costs and future plans.” NYDFS surveyed 150 banks and 43 insurance companies. The results of the May 2014 banking industry survey are here

Continue Reading

Not If, But When: Another Health Insurer Hacked

In mid-September, it was reported that hackers hit another set of health insurance companies. In this case, the hackers hit The Lifetime Healthcare Companies and its affiliates including Excellus BlueCross BlueShield, Univera Healthcare, and The MedAmerica Companies. A full list of plans affected can be found on the press release outlining the details of the attack.

Hackers took information on approximately 10 millions customers including seven million from Excellus and three million from associated entities. Company IT officials first discovered the intrusion on August 5, …

Continue Reading

NAIC Adopts Cybersecurity Regulatory Guidance

On Thursday, April 16, 2015, the Cybersecurity Task Force of the National Association of Insurance Commissioners (NAIC) adopted the “Principles for Effective Cybersecurity Insurance Regulatory Guidance.” Monica J. Lindeen, the NAIC President and Montana Commissioner of Securities and Insurance noted that these 12 principles “will serve as the foundation for protection of sensitive consumer information held by insurers as well as insurance producers and guide regulators who oversee the insurance industry.”

The press release announcing the adoption notes:

The document identifies types of …

Continue Reading

NY Dept. of Financial Services Requests Detailed Cyber Security Reports From Insurers

Cyber security is clearly one of the highest priorities — if not the top concern — for regulators in 2015. Late last month, the New York Department of Financial Services (DFS) sent more than 160 licensed insurers a New York Insurance Law Section 308 Letter seeking a detailed report regarding their cyber security practices and procedures. The Section 308 Letter — to which there is now less than three weeks to respond — also provides greater insight into the scope of cyber security examinations that …

Continue Reading

Hackers Continue to Target Health Insurers

Another health insurer has fallen victim to hackers. Premera Blue Cross suffered a breach that may have affected upwards of 11 million consumers. The National Association of Insurance Commissioners (“NAIC”) announced that Washington Insurance Commissioner Mike Kreidler was coordinating the response. NAIC President Monica J. Lindeen stated in the announcement, “Events like this underscore the need for consumers to take immediate and ongoing action to protect personal information like passwords to bank accounts, credit card companies, health insurance accounts and any electronic database that contains …

Continue Reading

Cyber Breaches Prompt Government Action

The recent data breach at health insurer Anthem has sparked new legislation in Connecticut.   During the breach, at least 80 million records were stolen.  According to NBC News, among the 80 million victims, tens of millions of American children had their Social Security numbers, dates of birth, and health care ID numbers stolen.  In response, Connecticut state legislators are proposing legislation that would require health insurance companies to encrypt their customers’ data.   Connecticut’s proposed legislation is similar to recent legislation passed in New Jersey …

Continue Reading

New York Addresses Cyber Security Concerns with Insurers

Governor Andrew M. Cuomo launched an inquiry into the steps that insurers are taking to keep their customers and companies safe from cyber attacks citing the public entrustment of a wide variety of sensitive health, personal, and financial records to insurers and the critical importance of making sure that information is safeguarded.

The New York State Department of Financial Services (DFS) sent “308 Letters” requiring a response to the largest insurance companies that DFS regulates, requesting information on the policies and procedures they have in …

Continue Reading