Two senior U.S. senators demanded Anthem Inc. pick up the pace in notifying as many as 79 million Americans that their personal information may have been stolen from the health insurer in a computer breach last month.
Indianapolis-based Anthem, which runs Blue Cross and Blue Shield plans in 14 states, said Feb. 4 that hackers accessed information on its customers and those of partner companies. Over a month later, more than 50 million people affected by the breach haven’t been notified by the company, senators Lamar Alexander and Patty Murray said in a letter.
“While we understand the logistical challenges associated with contacting millions of people, the highly sensitive nature of this information makes early notification essential, and we are concerned with your slow pace of notification and outreach thus far,” the senators wrote.
Anthem said on Feb. 5 that it would take about 10 to 14 days to identify which customers had data stolen and start notifying them.
Alexander, a Tennessee Republican, leads the Senate Health, Education, Labor and Pensions Committee. Murray, of Washington, is the panel’s senior Democrat.
The two lawmakers demanded that Anthem share a plan to “dramatically increase the pace of notification.”
Anthem has accelerated its notifications “over the last few days,” said Kristin Binns, a spokeswoman for the company. About 2.4 million notices are mailed daily, she said.
The company has established a website, anthemfacts.com, where people affected by the breach can sign up for two years of credit monitoring, even if they haven’t yet received a notification letter.
“Should a member experience identify theft that may be a result of Anthem’s cyberattack, free identity theft protection services are available and are retroactive to the date of the cyberattack and do not require enrollment,” Binns said. The services are available to both Anthem customers and those of partner companies whose information was accessed in the hack, she said.