Health insurance giant Anthem Inc. reported on February 4, 2015, that its computer systems had been targeted in a “very sophisticated external cyber attack.” The hackers stole personal information from nearly 80 million Anthem employees and customers, including names, birthdates, Social Security numbers, and addresses. Anthem reported at the time that all of its product lines were impacted, including Anthem Blue Cross, Anthem Blue Cross and Blue Shield, Empire Blue Cross, Unicare and others.
Following the attack, over 100 lawsuits were filed against Anthem nationwide. Those cases were ultimately consolidated in the U.S. District Court, Northern District of California. Now, just over two years after the attack, lawyers for the plaintiffs in the case announced that they had reached a settlement with Anthem. The $115 million dollar deal represents the largest data-breach settlement in history.
The settlement funds will be used to pay for two years of credit monitoring (over and above the two-years of monitoring already provided), or, for those who choose to forgo credit monitoring, a cash payment of up to $50 per person.
This record-setting settlement demonstrates the need for constant vigilance of corporate IT systems, particularly in those sectors that maintain data subject to HIPAA and HITECH. Given the potential legal liability for non-compliance, and the increased focus on enforcement seen in the last several years, companies must count data security as among their highest priorities.