Leaders of the Senate’s health committee are accusing the insurer Anthem of failing to inform millions of people who may have been affected by a massive data breach.
Committee chairman Lamar AlexanderLamar AlexanderHELP Committee won't hold second hearing for DeVos Trump, GOP set to battle on spending cuts Senate committee vote on DeVos postponed MORE (R-Tenn.) and ranking member Patty MurrayPatty MurrayWarren burns Mnuchin over failure to disclose assets Warren: GOP ‘ignored’ ethical requirements for Cabinet picks Overnight Healthcare: Takeaways from Price's hearing | Trump scrambles GOP health plans MORE (D-Wash.) said Wednesday that 50 million customers who may have been impacted by the cyberattack still have not been informed.
“The vast majority have not yet been informed,” Alexander wrote in a statement. “This delay is unacceptable and should be corrected immediately.”
The senators wrote a letter to Anthem's chief executive Wednesday, which said they are “concerned with your slow pace of notification and outreach thus far.”
Their efforts to intervene come about a month and a half after the company discovered the cyberattack. The insurer disclosed in late February that the breach had impacted more people than previously believed — including about 70 million current and former customers and employees.
A spokesperson for Anthem defended the company's response to the data breach. Because the company expected a lengthy process to inform all of the impacted customers, it set up a website and a hotline for customers.
"Over the last few days, we have also accelerated our member notification mailings. Approximately 2.4 million letters are mailed daily. We are working continuously to complete that process as soon as possible," the company wrote in a statement.
The data potentially exposed in the breach included people's Social Security numbers and birthdays, but apparently not credit card numbers.
The senators asked Anthem to "speed up the pace of notifications, and share with our committee what steps you plan to take in the next few days, to dramatically increase the pace of notification,” they wrote. They do not provide a specific deadline for informing the customers, but requested a written update from the company by April 1.
The panel — the Senate Health, Education, Labor and Pensions Committee — also announced an initiative to examine the security of health IT last month.