The nation’s second largest health insurer, Anthem, announced today (2/5/2015) that is was hacked and the data on as many as 80 million current and a former plan members as well as employees have been exposed. Names, birth dates, medical ID numbers, social security numbers, home and email addresses as well as employment information and income data were accessed by the hackers, ABC News reported.
Anthem received praise from the FBI for notifying the agency quickly so that it could begin a criminal investigation. Anthem, however, has some very stringent reporting requirements as a result of the hack. California law requires each person whose information was exposed to be contacted within 5 days. And as a Covered Entity under HIPAA, Anthem also has to comply with federal notification laws.
If your business collects, maintains, transmits, stores, or archives individually identifiable personal financial or health information, your company also has similar reporting requirements in the event of a cyber-breach. Is your company ready to comply with state and federal laws on notification? Is your company in compliance with required security measures for your industry?
For more information related to this article and others like it, visit out blog pages at Goosmann Law Firm or contact us as at info@goosmannlaw.com or (712) 226-4000.