Skip to main content
close search
site logo
Dive Brief

Anthem to pay record $115M to settle data breach lawsuit

Published June 27, 2017
Naomi Eide's headshot
Managing Editor
Shannon Muchmore's headshot
Senior Editor

First published on

Healthcare Dive

Dive Brief:

  • Anthem will pay a record $115 million to settle a class-action lawsuit stemming from a 2015 data breach in which the personal information of nearly 80 million members and employees was stolen.
  • The company agreed to set aside funding for cybersecurity improvements as well as cover two years of credit protection and $15 million worth of out-of-pocket costs for those affected.
  • In a statement, the payer did not admit to any wrongdoing or any harm to people as a result of the cyberattack, but said it is "determined to do its part to prevent future attacks."

Dive Insight:

If approved, the payout will be the largest amount ever for a data breach settlement and exceeds the $100 million insurance policy Anthem had against cyberattacks at the time of the breach. It's a chance to move on for the payer, as it received heavy criticism for how it handled the breach as well as how prepared — or not prepared  it was.

A report from the California Department of Insurance found that the initial breach occurred in February 2015 after an employee opened a phishing email. The breach was likely on behalf of a foreign government. The report also concluded Anthem had taken reasonable measures to protect its data and had a "quick and effective" response.

Anthem reportedly knew about cybersecurity shortcomings from a 2013 audit, but was still the victim of a simple password hack and failed to encrypt personal data. It was also criticized for taking several weeks to notify those who had been affected.

Anthem will now be required to make specific data security changes, "including encryption of certain information and archiving sensitive data with strict access controls," according to a statement for the plaintiffs’ lawyers.

It isn’t unusual for months to pass before an organization is aware of a breach, and the company is not likely to escape the attack without a heavy hit to its bottom line. Though Anthem escaped the settlement with a relatively minor financial impact, those impacted will likely receive a small payout. Split 80 million ways, $115 million doesn't go very far. 

One of the reason regulators have stepped up enforcement of cybersecurity negligence is because of the harm breaches and cyberattacks cause. It's hard to put a price on the value of someone's PII or PHI. But once exposed, there's no going back. More regulation to ensure cybersecurity best practices are met will go a long way in helping to prevent such damaging exposures. 

Recommended Reading

Filed Under: Security

Editors' picks

Company Announcements

View all | Post a press release
Graphiant Predicts Transformative Changes in Enterprise Connectivity and Data Assurance for 20…
From Graphiant
November 20, 2024
Viz.ai Wins Prestigious Prix Galien USA Award for Best Digital Health Solution
From Viz.ai
November 12, 2024
NeuBird Named a Cool Vendor in the 2024 Gartner® Cool Vendors™ in IT Operations Leveraging Gen…
From NeuBird
November 11, 2024
Newgen and Fadata Join Forces to Optimize Insurance Content Management
From Newgen Software
November 13, 2024
Editors' picks
Latest in Security
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell