Anthem Offers Up $115 Million to Settle Cyberattack Suit

from tHEORetically Speaking: The HealthEconomics.Com Blog at on June 26, 2017 at 06:25PM

Health insurance company Anthem says it will pay $115 million to settle a class-action lawsuit regarding a 2015 cyberattack in which the personal information of some 80 million people — members and employees — was stolen.

The settlement, according to Healthcare Dive, is “the largest amount ever for a data breach settlement … .” Anthem had a $100 million insurance policy for cyberattacks when the breach occurred.

Anthem LogoThe California Department of Insurance earlier this year reported the initial breach was the result of an employee having opened a phishing email, likely delivered on behalf of a foreign government.

“This was one of the largest cyber hacks of an insurance company’s customer data,” California Insurance Commissioner Dave Jones said in a statement. “Insurers have an obligation to make sure consumers’ health and financial information is protected.

The company received its fair share of controversy, too, after having reportedly failed to bolster its cybersecurity after a 2013 audit which found inadequate security infrastructure. It was also slow to inform the affected people, most of whom were notified several weeks after the attack.

Part of the settlement also requires Anthem to strengthen its cybersecurity infrastructure to better ward future breach attempts. According to the plaintiffs’ lawyers, that includes “encryption of certain information and archiving sensitive data with sensitive access controls.”

Click here to read the full report on Healthcare Dive’s website.

California’s response to the breach can be viewed here.