The senator gave Premera until March 27 to respond to 15 questions she has on the breach of the health insurer’s IT system and its response to the attack.

Share story

In a letter Friday to Premera Blue Cross, Sen. Patty Murray demanded answers to questions related to a cyberattack that may have accessed personal and health information of approximately 11 million of the health insurer’s customers.

As a ranking member of the Senate Health, Education, Labor and Pensions Committee, Murray is part of a bipartisan oversight initiative to examine the health industry’s preparedness for cyberattacks.

Premera, based in Mountlake Terrace, disclosed in a news release Tuesday that it had discovered the attack on Jan. 29, but that it initially took place May, 5 2014.

In the letter, Murray questioned Premera’s failure to immediately inform current and former policy holders, including 6 million current or former Washington residents, that their information may have been compromised.

“These failures are particularly troubling given the scope of the attack,” she wrote. “It is my hope that Premera can move with great speed and efficiency to ensure that my constituents receive prompt notice and information about the services that are being made available to them.”

In disclosing the attack this week, Premera said it was sending out letters to affected customers informing them of the attack and offered a number of steps they could take,, including free credit monitoring.

On Wednesday, Murray, along with committee chairman Lamar Alexander, R-Tenn., also urged Indianapolis-based Anthem, which disclosed a breach in February, to accelerate its pace of notifying its customers, as the company has yet to reach more than 50 million of the nearly 80 million potentially affected.

Murray gave Premera until March 27 to answer her list of 15 questions about the attack and the company’s response to it.

Premera spokesman Eric Earling said the company has received the letter, but could not elaborate on any answers or when Premera will respond.

He emphasized that the company waited to notify the public because it was advised to cleanse and secure its information technology system before doing so.