The sheer amount of sensitive information information held by insurance companies can be staggering, and New York Governor Andrew Cuomo is launching an effort to make sure these firms are keeping cyber security a top priority. With personal, financial and health records being held by these organizations, this information must be guarded especially in light of all the emerging risks and targeted attacks that can affect organizations.
According to the governor's website, 308 letters were sent to the state's largest insurance providers. The letters let these organizations know how important it was to keep the information safeguarded.
"The extraordinarily sensitive health, personal, and financial information that New Yorkers entrust to their insurance companies is a virtual treasure trove for hackers," Cuomo said. "We're intensely focused on making sure that banks have the protections in place they need, but we always have to keep at least one eye on the lookout for the next big threat. It's vital that we stay ahead of the curve on cyber security because we know hackers aren't going to give us any breathing room."
Letters sent out to these companies ask for information on any attacks the company has experienced in the past three years, the security safeguards the organization has in place, data governance policies in effect, amount budgeted for security tools and internal reporting procedures. Benjamin M. Lawsky, superintendent of financial services and co-chair of the Governor's Cyber Security Advisory Board, said the security at these companies gets overlooked far too often and there needs to be work done to ensure residents are protected from any hacking or attack that might take place.
Companies that received inquiries included AIG, Allstate, Guardian Life, Humana, Nationwide and many more.
The potential for a giant security breach was showcased by the 1.1 million individuals that fell victim to an October hacking of Nationwide Mutual Insurance Company. Even some who had simply looked for an insurance quote had their information stolen, according to NBC News, as names, Social Security numbers, drivers license numbers and birth dates were stolen from the company's network.
"At this time, we have no evidence that any medical information or credit card account information was stolen in the attack," the company explained to customers after the breach. "We promptly reported this criminal attack to law enforcement authorities, who are actively investigating the incident."
To avoid future instances of cyber security breaches, New York's initiative can be a positive step.
Security News from SimplySecurity.com by Trend Micro.