From: Dow Jones Business News
–New York seeks details on how insurers protect policyholder records
–Governor says information provided to insurers is “a virtual treasure trove for hackers”
–Companies ask for information include Aetna, AIG, Humana, MetLife, Travelers and others
(Adds comments from MetLife, Prudential in the sixth paragraph.)
By Debbie Cai
New York Gov. Andrew M. Cuomo is seeking details on how insurers are protecting customers and companies’ health and financial records from online security threats, the New York State Department of Financial Services said in a statement.
The DFS on Tuesday sent “308 letters”–to which insurers are legally required to respond–to 31 insurance companies that it regulates, requesting information on the policies and procedures they have in place to protect against cyberattacks.
The list of companies includes Aetna Inc. ( AET ), American International Group Inc. ( AIG ), Allstate Corp. ( ALL ), Humana Inc. ( HUM ), MetLife Inc. ( MET ), Travelers Cos. ( TRV ) and UnitedHealth Group Inc. ( UNH ).
Gov. Cuomo said the sensitive health, personal and financial information that New Yorkers entrust to their insurance companies is “a virtual treasure trove for hackers.”
The 308 letters request a variety of information, including any cyberattacks the companies have been subject to in the past three years, cybersecurity safeguards in place, information technology management policies, and the amount of funds and other resources dedicated to cybersecurity at the companies.
A spokesman for MetLife said the company take cyber threats “seriously” and will respond to the department’s requests. A Prudential spokesman, said, “While we cannot comment specifically on the governor’s announcement, protecting the confidential information of our policyholders is of paramount importance to Prudential.”
Earlier this year, DFS sent similar inquiries to the largest banks that it regulates, requesting information on their cybersecurity policies, the statement said.
Gov. Cuomo recently formed a board to advise his administration on developments in cybersecurity and make recommendations for protecting the state’s critical infrastructure and information systems.
–Leslie Scism contributed to this article.