Contact: Adam Joseph
February 11, 2015
One week after one of Connecticut’s largest health insurers, Anthem, announced that the company’s IT systems was hacked in a major data breach, the Senate’s Democratic leaders put forward their proposal to require insurance companies operating in Connecticut to encrypt all personal information records stored and transmitted by the companies.
“When people hear the words ‘data breach’ or ‘identity theft’ it shakes them to their core,” Senate Majority Leader Bob Duff (D-Norwalk) said. “It is imperative that we step up our game and that includes the private sector as well as government. That is why we are introducing this necessary, commonsense legislation to encrypt personal information. If we cannot prevent hackers from getting in, we can at least thwart their efforts by limiting what information they get and rendering it useless.”
“The exposure of personal health insurance records can have far-reaching consequences and can potentially wreak havoc on innocent lives,” said Senate President Martin M. Looney (D-New Haven). “In response to this crime, we must redouble our efforts to make sure that all health insurance records are protected from bad actors that approach hacking as a sport.”
“Each time we hear about a data breach we learn that the perpetrators’ methods are growing more and more sophisticated,” said Senator Joseph J. Crisco, Jr. (D-Woodbridge), Co-Chair of the Insurance & Real Estate Committee. “That is why it is paramount that we use every tool in our arsenal to impede hackers in their undertakings. This proposed legislation is an essential continuation of our efforts to protect Connecticut consumers and their personal information.”
According to cybersecurity experts, current encryption technology can limit the amount of data that even “authorized users” can view at one time, making it more difficult to compromise massive amounts of data.
An effort is underway across technology industries to make encryption the norm. As an example, Google has been moving its systems towards encryption—Gmail, YouTube and Google search are all encrypted for users.
Senate Democrats’ proposal would also require that any health insurance company who holds, uses or transmits personal information adopt secure user authentication protocols (such as mandatory user IDs, unique passwords, etc.) and upgrade information safeguards to limit future risks.
“I’m pleased to work with the senate president and majority leader in developing cybersecurity-appropriate standards for securing the personal data of individuals and businesses alike,” said state Senator Joan V. Hartley (D-Waterbury), who is working on related legislation in her role as Senate Chair of the Commerce Committee. “From the Commerce Committee’s point of view, we will be crafting a separate proposal to connect our research institutions with private businesses that are engaged in the cybersecurity sector.”
More than 80 million people nationally, including more than 1.1 million in Connecticut, could be impacted by the recent data breach at Anthem. While Anthem immediately reached out to the FBI to start an ongoing investigation, information stolen in the breach included data about current and former customers: names, birthdays, medical IDs, Social Security numbers, street addresses, e-mail address, employment information and some income data.
(for both senators)
Legislative Office Building
Hartford, CT 06106-1591
See more news releases by Senator Looney.
See more news releases by Senator Duff.