STAMFORD, Conn. -- Soon after Anthem, one of Connecticut’s largest health insurers, announced that its IT systems were hacked in a major data breach, state Sen. Carlo Leone (D-Stamford, Darien) put forward their proposal to require insurance companies operating in Connecticut to encrypt all personal information records stored and transmitted by the companies.
“In the aftermath of the Anthem breach, my constituents have reached out to me wondering how something like this could happen, and asking that the legislature do its part to protect their personal information,” Leone said in a statement. “Other states already require that insurers encrypt this information, and it is unacceptable that we are not affording Connecticut consumers the same protections available in other states. It’s time for the General Assembly to pass this commonsense measure.”
According to cybersecurity experts, current encryption technology can limit the amount of data that even “authorized users” can view at one time, making it more difficult to compromise massive amounts of data. An effort is underway across technology industries to make encryption the norm.
“When people hear the words ‘data breach’ or ‘identity theft’ it shakes them to their core,” Senate Majority Leader Bob Duff (D-Norwalk, Darien) said in a statement. “It is imperative that we step up our game and that includes the private sector as well as government. That is why we are introducing this necessary, commonsense legislation to encrypt personal information. If we cannot prevent hackers from getting in, we can at least thwart their efforts by limiting what information they get and rendering it useless.”
The proposal would also require that any health insurance company who holds, uses or transmits personal information adopt secure user authentication protocols (such as mandatory user IDs, unique passwords, etc.) and upgrade information safeguards to limit future risks.
More than 80 million people nationally, including more than 1.1 million in Connecticut, could be impacted by the recent data breach at Anthem.
While Anthem immediately reached out to the FBI to start an ongoing investigation, information stolen in the breach included data about current and former customers: names, birthdays, medical IDs, Social Security numbers, street addresses, e-mail address, employment information and some income data.
Click here to sign up for Daily Voice's free daily emails and news alerts.