Senate Demands Aflac Provide Details on Recent Cybersecurity Breach
Aflac, one of the largest supplemental health insurance providers in the United States, is under scrutiny from the U.S. Senate following a recent cybersecurity breach that compromised sensitive data. A Senate committee, led by Senators Bill Cassidy, M.D. (R-La.) and Maggie Hassan (D-N.H.), has requested further details about the incident, which was first disclosed to regulators in June. The committee is pressing Aflac for more clarity on how the breach unfolded and the measures the company is taking to prevent future incidents.
Senators Seek Transparency
In a letter dated August 22, the Senate Health, Education, Labor and Pensions (HELP) Committee demanded answers from Aflac CEO Daniel Amos. The letter specifically asked the company to explain its cybersecurity protocols - both digital and physical - prior to the breach. The senators also called on Aflac to detail the steps it is taking to safeguard its systems and determine whether private consumer and patient data were accessed in the attack.
The lawmakers emphasized the importance of transparency, writing that cyberattacks pose "substantial risk to the healthcare system and American patients." They have requested a response from Aflac by September 5.
Timeline of the Breach
Aflac first notified regulators at the U.S. Securities and Exchange Commission (SEC) about the breach on June 20. At the time, the company described the incident as part of a "cybercrime campaign" targeting the insurance sector. The U.S. Department of Health and Human Services’ HIPAA Breach Reporting Tool later revealed that at least 500 individuals' protected health information had been compromised, though this number is likely a placeholder estimate.
In public statements, Aflac has claimed it "stopped the intrusion within hours." However, this has not quelled concerns from lawmakers, who are seeking "additional transparency" about the scope of the breach.
Rising Threats to Healthcare
The Senate’s letter drew attention to the growing frequency and impact of cyberattacks on the healthcare and insurance industries. "Last year, there were over 700 large data breaches that impacted approximately 276 million Americans," the letter stated. These incidents not only lead to significant financial costs - averaging $9.77 million per breach - but have also disrupted healthcare services, resulting in delayed appointments and medication errors.
The senators noted that federal agencies have warned of increasing threats to healthcare entities, including potential attacks by foreign actors like Iran. The Aflac breach, they wrote, highlights the ongoing risks to patients and critical infrastructure.
Industry Comparisons and Questions
The letter also references a February 2024 ransomware attack on Change Healthcare, a UnitedHealth Group IT services unit, which led to the largest health data breach in U.S. history, affecting 192.7 million individuals. Lawmakers are urging Aflac to explain whether it has adopted cybersecurity best practices used by other critical infrastructure sectors.
In addition, the senators have asked Aflac to clarify when it first became aware of the attack and to outline efforts to identify compromised information. They also want to know how Aflac is communicating with affected individuals and what additional reporting the company plans to provide beyond what is required by HIPAA.
Broader Legislative Efforts
This inquiry comes amidst broader legislative efforts to strengthen cybersecurity in the healthcare sector. Last year, Senators Cassidy and Hassan, along with colleagues Mark Warner (D-Va.) and John Cornyn (R-Texas), introduced the Health Care Cybersecurity and Resiliency Act of 2024. The bipartisan bill aims to improve cybersecurity coordination between the Department of Health and Human Services and the Cybersecurity and Infrastructure Security Agency. However, like similar efforts in recent years, the bill has yet to gain traction in Congress.
Aflac’s Silence
As of now, Aflac has not responded to inquiries from Information Security Media Group about the Senate’s letter or to requests for further details about the breach. Likewise, the Senate HELP Committee has not commented on whether it plans to hold hearings on the incident.
The letter underscores the urgency of addressing cybersecurity vulnerabilities in the healthcare and insurance sectors, as lawmakers push for greater accountability and transparency from industry leaders like Aflac.