Anthem Agrees to $115 Million Settlement in Data Breach Litigation | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Anthem Agrees to $115 Million Settlement in Data Breach Litigation

June 26, 2017
by Heather Landi
| Reprints

Indianapolis-based Anthem, the largest U.S. health insurance company, has agreed to a proposed settlement to resolve the multidistrict class action litigation relating to the 2015 cyber attack that compromised the personal information of 78.8 million people. The $115 million settlement, if approved by the Court, will be the largest data breach settlement in history, according to attorneys representing the plaintiffs.

In a statement posted to its website on Friday, Anthem stated that the settlement does not include any finding of wrongdoing, and the company is not admitting any wrongdoing or that any individuals were harmed as a result of the cyber attack. 

As previously reported by Healthcare Informatics, an examination of the breach by the California Department of Insurance revealed that very likely, “the cyber attacker was acting on behalf of a foreign government."

According to a Reuters article, the deal must still be approved by U.S. District Judge Lucy Koh in San Jose, California, who is presiding over the case. Judge Koh is scheduled to hear Plaintiffs’ motion on August 17. More than 100 lawsuits filed against Anthem over the breach were consolidated before Judge Koh.

The cyber breach was first discovered by Anthem on Jan. 27, 2015. In early February 2015, Anthem and its affiliates announced the company had suffered a major breach, which compromised 78.8 million consumer records, including records of at least 12 million minors. At that time, the payer announced details in a letter from President and CEO, Joseph R. Swedish. He said that Anthem was the target of a “very sophisticated external cyber attack.” The hackers gained access to current and former members’ names, birthdays, medical IDs/social security numbers, street addresses, email addresses and employment information, and income data. Anthem says that credit card and medical information, such as claims, test codes, and diagnostic codes were not compromised.

When Anthem discovered the cyber attack in 2015, the company offered two years of credit monitoring and identity protection services to all individuals whose data may have been impacted. According to Anthem’s statement, as part of this final resolution of the litigation, class members can receive an additional two years of credit monitoring and identity protection services, along with other significant benefits.

According to a press release from attorneys from Altshuler Berzon, Cohen Milstein, Girard Gibbs and Lieff Cabraser, who were court-appointed to lead the representation of the plaintiffs, the proposed settlement provides for Anthem to establish a $115 million settlement fund, which will be used to provide victims of the data breach at least two years of credit monitoring; cover over out-of-pocket expenses incurred by consumers as a result of the data breach; and provide cash compensation for those consumers who are already enrolled in credit monitoring.

In addition to the monetary fund, the settlement will require Anthem to guarantee a certain level of funding for information security and to implement or maintain numerous specific changes to its data security systems, including encryption of certain information and archiving sensitive data with strict access controls. The settlement is designed to protect class members from future risk, provide compensation, and ensure best cybersecurity practices to deter against future data breaches.

“We are very satisfied that the settlement is a great result for those affected and look forward to working through the settlement approval process,” Andrew Friedman, co-lead plaintiffs’ counsel, said in a statement in the press release.

Anthem executives said in the statement, “Anthem has had, for many years, a strong information security program to protect the personal data entrusted to us. As we have seen in cyber attacks against governments and private sector companies including Anthem over the past few years, many cyber threat actors are increasingly sophisticated and determined adversaries. Anthem is determined to do its part to prevent future attacks. To that end, as part of the settlement, Anthem has agreed to continue the significant information security practice changes that we undertook in the wake of the cyber attack, and we have agreed to implement additional protections over the next three years.”

Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More

Topics

News

Adam Boehler Tapped by Azar to Serve as Senior Value-Based Care Advisor

Adam Boehler, currently director of CMMI, has also been named the senior advisor for value-based transformation and innovation, HHS Secretary Alex Azar announced.

Vivli Launches Clinical Research Data-Sharing Platform

On July 19 a new global data-sharing and analytics platform called Vivli was unveiled. The nonprofit group’s mission is to promote, coordinate and facilitate scientific sharing and reuse of clinical research data.

Survey: More Effective IT Needed to Improve Patient Safety

In a Health Catalyst survey, physicians, nurses and healthcare executives said ineffective information technology, and the lack of real-time warnings for possible harm events, are key obstacles to achieving their organizations' patient safety goals.

Physicians Still Reluctant to Embrace Virtual Tech, Survey Finds

While consumers and physicians agree that virtual healthcare holds great promise for transforming care delivery, physicians still remain reluctant to embrace the technologies, according to a new Deloitte Center for Health Solutions survey.

Geisinger, AstraZeneca Partner on Asthma App Suite

Geisinger has partnered with pharmaceutical company AstraZeneca to create a suite of products that integrate into the electronic health record and engage asthma patients and their providers in co-managing the disease.

Analysis: Healthcare Ransomware Attacks Decline in First Half of 2018

In the first half of 2018, ransomware events in major healthcare data breaches diminished substantially compared to the same time period last year, as cyber attackers move on to more profitable activities, such as cryptojacking, according to a new report form cybersecurity firm Cryptonite.