On Tuesday, May 28, at the direction of New York Governor Andrew Cuomo, the New York State Department of Financial Services (“DFS”) requested that the State’s largest insurance companies provide DFS with information regarding their cybersecurity practices. Among other requests, DFS is seeking information on what cybersecurity safeguards those insurance companies have in place, whether they have been the target of a cyber-attack within the past three years and the amount of resources the insurance companies dedicate to cybersecurity. The requests came in the form of “308 Letters,” which create a legal obligation for the recipient insurance companies to provide a response. DFS sent similar requests to the largest banks operating in the State earlier this year. The Governor stressed that while the State is “intensely focused on making sure that banks have the protections in place they need . . . we always have to keep at least one eye on the lookout for the next big threat.” The Superintended of DFS and co-chair of Governor Cuomo’s Cyber Security Advisory Board opined that “cybersecurity at insurance companies is something that often gets overlooked, but it’s far too important to get caught in a blind spot. We need to make sure that those insurance records are protected from hack attacks that could put New Yorkers at risk.” The 31 insurance companies receiving the letters include Aetna, AIG, Humana, Liberty Mutual, MetLife, Travelers and United Health Group.
The full text of a related Press Release issued from Governor Cuomo’s Office may be read at: http://www.dfs.ny.gov/about/press2013/pr1305281.htm
To read the full text of a related advisory, please click on Cyber Alert – New York State Inquires into Insurance Company Cybersecurity Practices: A Signal of Increased Proactive Regulator Interest in Data Security?
Written by Louis Dennig, Associate, Litigation & Trial Practice Group | Alston & Bird LLP