New York Governor Andrew M. Cuomo is seeking details on how insurers are protecting customers and companies' health and financial records from online The DFS on Tuesday sent "308 letters"--to which insurers are legally required to respond--to 31 insurance companies that it regulates, requesting information on the policies and procedures they have in place to protect against cyberattacks.
The list of companies includes Aetna Inc. (AET), American International Group Inc. (AIG), Allstate Corp. (ALL), Humana Inc. (HUM), MetLife Inc. (MET), Travelers Cos. (TRV) and UnitedHealth Group Inc. (UNH).
Gov. Cuomo said the sensitive health, personal and financial information that New Yorkers entrust to their insurance companies is "a virtual treasure trove for hackers."
The 308 letters request a variety of information, including any cyberattacks the companies have been subject to in the past three years, cybersecurity safeguards in place, information technology management policies, and the amount of funds and other resources dedicated to cybersecurity at the companies.
Earlier this year, DFS sent similar inquiries to the largest banks that it regulates, requesting information on their cybersecurity policies, the statement said.
Gov. Cuomo recently formed a board to advise his administration on developments in cybersecurity and make recommendations for protecting the state's critical infrastructure and information systems.