Banner

Article

Anthem settles with state AGs in cyber attack

Author(s):

Keith A. Reynolds

The settlement relates to a 2015 cyber attack that impacted 78.8 million customers.

Health insurance giant Anthem has settled with State Attorneys General from across the country in connection to a 2015 cyber attack on the company.

According to a news release, the company agreed to pay $39.5 million in settlement in connection to the multistate investigation. As part of the settlement, Anthem does not admit any violation of law connected to the attack from what the company called a “sophisticated state-sponsored criminal attack group.”

In a separate release, New York Attorney General Letitia James says that the breach, which occurred in 2014 but wasn’t disclosed by Anthem until February 2015, compromised the personal information of 78.8 million of Anthem’s customers across the country. The attackers were able to harvest names, dates of birth, Social Security numbers, healthcare identification numbers, home addresses, email addresses, phone numbers, and employment information.

The James release says that Anthem will also be required to implement the following:

Prohibiting the misrepresentation of the extent to which Anthem protects the privacy and security of consumers’ personal information;

Implementing a comprehensive information security program that incorporates principles of zero trust architecture and includes regular security reporting to the Board of Directors and prompt notice of significant security events to the CEO;

Setting up specific security requirements with respect to segmentation, logging and monitoring, anti-virus maintenance, access controls and two-factor authentication, encryption, risk assessments, penetration testing, and employee training, among other requirements; and

Scheduling third-party security assessments and audits for three years, as well as requiring that Anthem make its risk assessments available to a third-party assessor during that term.

Anthem also previously entered into a class action settlement establishing a $115 million settlement fund to pay for additional credit monitoring, cash payments up to $50 per individual breached, and reimbursement for out-of-pocket losses for affected customers, the James release says.

No evidence was found that information obtained in the leak resulted in fraud, Anthem says.

Related Videos
Emma Schuering: ©Polsinelli
Emma Schuering: ©Polsinelli
Scott Dewey: ©PayrHealth
Related Content
Medicare fraud trial ©MaksymYamilianov - stock.adobe.com
November 21st 2024

Dallas jury finds practice liable for Medicare fraud that could result in more than $300 million in penalties

Ep 40: Malpractice caps and nuclear verdicts with Bob White, the Doctors Company
September 20th 2024

Ep 40: Malpractice caps and nuclear verdicts with Bob White, the Doctors Company

© rogerphoto - stock.adobe.com
November 12th 2024

AMA supports additional oversight for nonprofit hospital charity care

Ep 34: U.S. Rep. Earl L. 'Buddy' Carter on physicians getting involved in policy
June 28th 2024

Ep 34: U.S. Rep. Earl L. 'Buddy' Carter on physicians getting involved in policy

Malpractice strategies
October 1st 2024

Malpractice strategies

MSOs and compliance: ©Nicoelnino - stock.adobe.com
October 1st 2024

What physicians and medical practices need to know about MSOs