(Bloomberg) — President Barack Obama’s top advisers urged Congress to act quickly to strengthen consumer data protections after the security breach at Anthem Inc. (NYSE:ANTM).
“Hardly a week goes by when the problem is not on the front pages of the newspapers,” John Podesta, counselor to Obama, said in a conference call with reporters promoting White House data protection proposals. “With each breach there is more need” for the legislation, he added.
Anthem, the second biggest U.S. health insurer by market value, disclosed that hackers obtained names, birth dates, Social Security numbers, street and e-mail addresses and income data on tens of millions of current and former customers. The attack underscores the need for “a single national standard to protect consumers from data breaches,” Podesta said.
Obama last month proposed legislation that would establish a standard for notifying customers of breaches and another measure that would bar student data from being used for non-educational purposes.
The administration also plans to push for enactment of its Consumer Privacy Bill of Rights, which lays out principles for online data collection. The White House will release draft legislation soon, according to a progress report issued by the White House.
The bill would require companies to notify victims of data theft within within 30 days, Podesta said.
“Anthem did do that,” he said.
Health information privacy and data security are already governed by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009.
Anthem is “operating in a realm of best practices,” Podesta said. “They are in that zone. What we want to see is both a constant application and a high set of standards.”
Multinational companies including Sony Pictures Entertainment and JPMorgan Chase & Co. have been among high-profile companies grappling with hackers.
Anthem, formerly known as WellPoint, didn’t provide information on how the hacking occurred or when it was discovered.
The Anthem attack is the biggest in the health care industry since Chinese hackers stole Social Security numbers, names and address from 4.5 million patients of Community Health Systems Inc., the second-largest for-profit hospital chain, last year. These events are on a similar scale to hacks of customer data from Target Corp. and Home Depot Inc. last year in terms of the number of people affected.
Anthem will notify customers who were affected and provide credit and identify-theft monitoring services for free, Chief Executive Officer Joseph Swedish said in a letter to customers.
“As soon as we learned about the attack, we immediately made every effort to close the security vulnerability, contacted the FBI and began fully cooperating with their investigation,” Anthem said.
—With assistance from Crayton Harrison in New York and Jordan Robertson in Washington.