The Denver Channel reports:
Members of the National Association of Insurance Commissioners want a multi-state examination of Anthem, Inc. and its affiliates, following the discovery of a cybersecurity breach at the health insurance company.
[…]
Given the potential scope of the breach and the number of consumers affected, the NAIC said it anticipates all 56 states and territories will sign on to the examinations, which will be inclusive of all subsidiaries and affiliates of Anthem affected by the breach.
States with significant Anthem business are expected to take the lead: Indiana, California, Missouri, Maine and New Hampshire.
NAIC resources will support state insurance departments throughout the process. The NAIC Cybersecurity Task Force will monitor the efforts, update best practices and will determine whether regulatory action is warranted.
Read more on The Denver Channel.
Well, that sounds a lot better than a multitude of individual investigations, particularly if it leads to new best practices or regulatory action that might do a better job of protecting consumers.
Hopefully, as part of their investigation, they will seriously consider data retention and minimization, and whether the Social Security numbers of minors should be replaced with other identifiers.