Anthem Inc, providers of Anthem Blue Cross and Blue Shield health insurance, has agreed to settle a class action lawsuit at the tune of $115 million dollars over a 2015 data breach cyber attack. Anthem is known for being the second largest health insurance company in the USA.
If U.S. District Court Judge Lucy Koh gives court approval, the payout will be the largest data breach settlement ever for a data breach lawsuit.
This amount exceeds the $100 million amount in the cybersecurity insurance policy that Anthem Inc. had at the time of the breach. The funds will be used to provide victims of the data breach with protection services such as at least two years of credit monitoring and reimbursement for breach-related expenses. Additionally, the data breach settlement would guarantee that a certain level of funding will be used to improve and implement better security measures to protect Anthem's customers' data. This settlement comes after two years of a long investigation.
The Anthem data breach occurred in 2015 and resulted from a phishing email that an employee opened up.
The Anthem hack, the largest data breach we know so far, resulted in the exposure and theft of nearly 80 million records and affected over a million people. The type of personal information lost included client's names, birth dates, social security numbers, email addresses, medical IDs, and more personal medical information. To make matters worse, Anthem knew of its information security shortcomings since 2013. The company was also criticized for the delay it took to notify those that were affected by the breach. If they had simply taken additional steps to address the flaws in their data security systems and implement specific changes, this settlement could have possibly been avoided. Anthem is also not admitting to any wrongdoing as part of the settlement. The company maintains that there is no evidence that any of the compromised information was sold or used for fraud.
Data breaches due to lack of data security are costing the healthcare industries $6.2 billion per year.
More so, data breaches in healthcare has the most costly fines compared to other industries. When this ruling gets approved, that cost will only go up as it will set a precedent for other lawsuits related to data breaches.