�鶹Ů��

The first lawsuits in the Anthem hack, the nation's largest health care breach to date, have been filed. At least four have been launched so far, in Indiana, California, Alabama and Georgia. The suits allege that Anthem did not take adequate and reasonable measures to ensure its data systems were protected and that the 80 million Anthem customers whose information may have been affected could be harmed. (Weise, 2/8)

Insurance regulators will launch a national investigation into the recent data breach at Anthem Inc., adding a new layer of scrutiny for the company as it contends with the fallout from a hacker incursion that the company said likely exposed personal information of tens of millions of consumers. The National Association of Insurance Commissioners, a group representing state regulators, announced the probe Friday. In a statement, the president of the group, Monica Lindeen, said its members agreed “that an immediate and comprehensive review of the company’s security must be a priority to ensure protection of consumers who are covered by Anthem.” (Wilde Mathews, 2/6)

After an online attack on Anthem, by far the largest breach in the industry, security experts warned on Friday that more attacks on health care organizations were likely because of the high value of the data on the black market. ... Medical identity theft has become a booming business, according to security experts, who warn that other health care companies are likely to be targeted as a result of the hackers’ success in penetrating Anthem’s computer systems. Hackers often try one company to test their methods before moving on to others, and criminals are becoming increasingly creative in their use of medical information, experts say. (Abelson and Creswell, 2/6)

The hackers who stole millions of health insurance records from Anthem Inc. commandeered the credentials of five different employees while seeking to penetrate the company's computer network — and they may have been inside the system since December. (Bailey, 2/7)

Insurers aren't required to encrypt consumers' data under a 1990s federal law that remains the foundation for health care privacy in the Internet age — an omission that seems striking in light of the major cyberattack against Anthem. Encryption uses mathematical formulas to scramble data, converting sensitive details coveted by intruders into gibberish. Anthem, the second-largest U.S. health insurer, has said the data stolen from a company database that stored information on 80 million people was not encrypted. (Alonso-Zaldivar, 2/7)

After one of the biggest thefts of medical-related customer data in U.S. history, Anthem Inc. warned consumers Friday against email and phone scams seeking to take advantage of the breach. The Indianapolis-based health insurer says “phishing” scams are targeting Anthem customers to get personal information using the breach as a pretense. The company also said consumers should be aware of phone calls about the cyber attack that ask people for credit card or Social Security numbers. (Shapiro, 2/6)

Several large-scale cyberattacks in recent months have prompted a number of lawmakers and policy makers to call for a more forceful response, including suggestions that the U.S. engage in counterattacks that would disable or limit the culprits’ own networks. ... Noteworthy cyberattacks in recent months have forced policy makers to rethink their approach. Late last year, the White House alleged that North Korea stole large amounts of data from Sony Pictures Entertainment Inc. Also, the recent theft of personal information from tens of millions of Anthem Inc. ’s health-insurance customers may have originated in China, the company has suggested, though law-enforcement officials continue to investigate the breach. (Paletta and Nissenbaum, 2/8)