Anthem to pay $16M in record data breach settlement
Written by Editor   
Tuesday, October 16, 2018 12:45 PM

Anthem has agreed to pay the federal government $16 million in a settlement over its 2015 data breach that hit nearly 79 million people. The agreement is by far the largest settlement reached by HHS' Office for Civil Rights for a Health Insurance Portability and Accountability Act (HIPAA) breach. Hackers stole the names, birth dates, Social Security numbers, home addresses and other personal information in the 2015 cyberattack.

The largest health data breach in U.S. history fully merits the largest HIPAA settlement in history.  ”Unfortunately, Anthem failed to implement appropriate measures for detecting hackers who had gained access to their system to harvest passwords and steal people's private information."

Anthem did not admit liability for the incident. The insurer on Monday said it isn't aware of any identity theft stemming from the 2015 attack.

"Anthem takes the security of its data and the personal information of consumers very seriously," the company said in a statement. "We have cooperated with (the government) throughout their review and have now reached a mutually acceptable resolution."

In 2017, Anthem agreed to shell out $115 million to settle a class-action lawsuit over the breach, the largest data-breach settlement ever at the time. Anthem also offered class-action members two years of credit protection—in addition to the two years of monitoring they already received—and put $15 million aside for customers’ out-of-pocket costs stemming from the breach.