"Physician, heal thyself" is an expression that many people use to criticize a lack of standards among groups or organizations that are charged with enforcing those same standards among others. And a paraphrase that applies to the insurance business is "insurer, protect thyself."

It turns out that for a business that is so conscious — and conscientious — of all things involving risk, the insurance industry neglects its own risk, especially when it comes to data breaches. That neglect has cost companies millions in court settlements and regulatory fines.

|

You've been breached

Among the insurance companies that have paid a price for failing to prevent data breaches is Nationwide Mutualand its subsidiary, Allied Property and Casualty Insurance Company. Nationwide is on the hook for a more than $5 million fine resulting from a 2012 data breach that divulged details on 1.27 million customers.

Also on the firing line are CareFirst, which is the target of a class-action lawsuit for a 2014 data breach that affected more than one million people, and Horizon Blue Cross Blue Shield, which is in the midst of class-action suit over a 2013 breach that hit 800,000 victims when their data was accessed.

Recommended For You

Want to continue reading?
Become a Free PropertyCasualty360 Digital Reader

Your access to unlimited PropertyCasualty360 content isn’t changing.
Once you are an ALM digital member, you’ll receive:

  • Breaking insurance news and analysis, on-site and via our newsletters and custom alerts
  • Weekly Insurance Speak podcast featuring exclusive interviews with industry leaders
  • Educational webcasts, white papers, and ebooks from industry thought leaders
  • Critical converage of the employee benefits and financial advisory markets on our other ALM sites, BenefitsPRO and ThinkAdvisor
NOT FOR REPRINT

© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.