eDiscovery Daily Blog
Anthem Agrees to Pay Over $100 Million to Settle Data Breach Lawsuit: Cybersecurity Trends
One of the most notable data breaches in recent years was the one suffered by health insurer Anthem involving the personal information of nearly 80 million individuals. It looks like they are going to pay up big to make the class-action lawsuit that was filed in response to that massive data breach go away.
MedCity News (Anthem to pay record $115 million to settle data breach lawsuit, by Erin Dietsche), reports that the settlement must still be approved by a court, but if it is, it will stand as the biggest data breach settlement in history.
Back in 2015, the Indianapolis, Indiana-based insurer was the victim of a cyberattack that involved the Social Security numbers, birthdates, addresses and healthcare ID numbers of 78.8 million people. At that time, Anthem said in a statement, it provided two years of credit monitoring and identity protection services to all impacted individuals.
Nonetheless, more than 100 lawsuits were filed against Anthem that were eventually consolidated.
As part of the $115 million settlement, Anthem will give data breach victims at least two years of credit monitoring and provide cash compensation for individuals who already enrolled in credit monitoring. The health insurer will also cover the out-of-pocket expenses victims have incurred as a result of the data breach.
On top of that, Anthem has to allocate a certain amount of money for security purposes and make specific changes to its data security systems.
In a statement, the insurer said the settlement “does not include any finding of wrongdoing.” Anthem added that it “is not admitting any wrongdoing or that any individuals were harmed as a result of the cyberattack.”
Anthem continued: “Nevertheless, we are pleased to be putting this litigation behind us, and to be providing additional substantial benefits to individuals whose data was or may have been involved in the cyberattack and who will now be members of the settlement class.”
In a related article by the same author, it appears that Google has begun removing people’s private medical records from its Search results. Maybe it will soon be more difficult to find (intentionally or inadvertently) someone’s medical records online.
So, what do you think? Is this the start of a trend? As always, please share any comments you might have or if you’d like to know more about a particular topic.
BTW, if you’re a member of a solo or small law firm or want to learn how to simplify the discovery process, feel free to check tomorrow’s webcast!
Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.