It is new news - that they (finally) started notifying customers. Five months after notifying regulators and the stock market (February/March in fact, not June).

The true extent of the harm (to customers, not to the company or its stock) only becomes apparent when individual customers check their SSNs, logins, claims, identity theft, credit reports. That's not the way it should be, but is the way it currently is in the US.

It is recent news. The breach was in April. Insurers started notifying THEIR customers that they were in that breach because they irresponsibly fed everyone’s private data to that random third party, who has clearly committed malpractice in handling highly sensitive patient information like diagnoses and test results.