Senators rip Anthem for 'unacceptable' response to data breach

Leaders of the Senate’s health committee are accusing the insurer Anthem of failing to inform millions of people who may have been affected by a massive data breach.

Committee chairman Lamar AlexanderLamar AlexanderOvernight Regulation: Lawsuits pile up against Obama overtime rule The American people are restive, discouraged and sometimes suicidal GOP chairman eyes lame-duck for passing medical cures bill MORE (R-Tenn.) and ranking member Patty MurrayPatty MurrayDems call for better birth control access for female troops US wins aerospace subsidies trade case over the EU Senate Dems unveil new public option push for ObamaCare MORE (D-Wash.) said Wednesday that 50 million customers who may have been impacted by the cyberattack still have not been informed. 

“The vast majority have not yet been informed,” Alexander wrote in a statement. “This delay is unacceptable and should be corrected immediately.”

The senators wrote a letter to Anthem's chief executive Wednesday, which said they are “concerned with your slow pace of notification and outreach thus far.”  

Their efforts to intervene come about a month and a half after the company discovered the cyberattack. The insurer disclosed in late February that the breach had impacted more people than previously believed — including about 70 million current and former customers and employees.

A spokesperson for Anthem defended the company's response to the data breach. Because the company expected a lengthy process to inform all of the impacted customers, it set up a website and a hotline for customers.

"Over the last few days, we have also accelerated our member notification mailings. Approximately 2.4 million letters are mailed daily. We are working continuously to complete that process as soon as possible," the company wrote in a statement. 

The data potentially exposed in the breach included people's Social Security numbers and birthdays, but apparently not credit card numbers.

The senators asked Anthem to "speed up the pace of notifications, and share with our committee what steps you plan to take in the next few days, to dramatically increase the pace of notification,” they wrote. They do not provide a specific deadline for informing the customers, but requested a written update from the company by April 1.

The panel — the Senate Health, Education, Labor and Pensions Committee — also announced an initiative to examine the security of health IT last month.