The biggest data breach payment in history has lately been approved by the health underwriter Anthem Inc. Anthem faced the biggest healthcare data breach ever informed in 2015, with the cyberattack leading to the thievery of 78.8 million files of former and current health plan associates. The breach involved names, birthdates, addresses, email addresses, Social Security numbers, and employment/income data.
A breach of that extent naturally led to several class-action litigations, with over 100 litigations merged by a Legal Board on Multidistrict Lawsuit. Today, two years later, Anthem has decided to resolve the court case for $115 million. If accepted, that will make this the biggest data breach payment ever.
After facing the data breach, Anthem offered 2 years of free credit checking services to impacted plan members. The payment will, in part, be utilized to pay for an additional 2 years of credit checking facilities. Alternatively, people who have already registered in the credit checking facilities earlier offered might be allowed to get a cash payment of $36 in place of the additional 2 years of protection or up to $50 if finances are still obtainable. The payment also contains a $15 million reserve to pay for out-of-pocket expenditures incurred by petitioners, which will be agreed on a case-by-case basis for so long as resources are obtainable.
Anthem has also arranged to set separately ‘a definite level of financing’ to make developments to its cybersecurity systems and defenses, including the use of encryption to protect data stationary. Anthem will also be making modifications to how it stores confidential files and will be applying firmer access rules. Although the payment has been approved, Anthem has not acknowledged any misconduct.
Anthem Representative Jill Becher clarified that although files were thieved in the attack, Anthem has not found proof to indicate any of the information thieved in the cyberattack was utilized to execute scam or was sold on. Becher also stated, “We are delighted to be putting this lawsuit behind us, and to be offering further considerable advantages to people whose information was or might have been included in the cyberattack and who will now be associates of the payment class.”
Although the decision to pay has been made, the payment should now be ratified by the U.S. District magistrate in California chairing over the lawsuit. District Judge Lucy Koh will hear the lawsuit on August 17, 2017.