$74 Million Premera Blue Cross Settlement Gets Preliminary Approval
A consolidated class action lawsuit against Premera Blue Cross over its 2014 data breach of 10.6 million records is a step closer to being resolved now a Federal District Judge has given preliminary approval to Premera’s proposed $74 million settlement.
Under the terms of the settlement, Premera Blue Cross will create a fund of $32 million for victims of the breach. $10 million of that amount is set aside to reimburse costs incurred by plan members as a direct result of the breach, and $2.5 million will cover additional credit monitoring services. The remainder will be used to cover claims for damages.
The breach that triggered the lawsuit could have been prevented. Premera Blue Cross had discovered, through third party and internal audits, that security vulnerabilities existed, yet those vulnerabilities were not addressed. If Premera Blue Cross has heeded the warnings, a breach could have been avoided. Additionally, once its systems were breached, Premera Blue Cross failed to detect unauthorized activity on its network or a year. Under the terms of the settlement, Premera Blue Cross will invest $42 million in its cybersecurity program over the next three years.
$74 million is a substantial amount, but a fund of $10 million to reimburse costs in a for a breach of more than 10 million records will not go far. Judge Michael Simon found that amount to be sufficient considering additional credit monitoring services were being provided, and due to the relatively small number of claims that have been received to date.
The investment in cybersecurity will benefit all current and future members and will ensure that their personal information is appropriately secured and will remain private and confidential.
Giving preliminary approval for the settlement, Judge Simon said the evidence against Premera Blue Cross spanned several years and involved reviewing a considerable amount of technical documentation. Claims were made against Premera Blue Cross alleging negligence and unfair practices with respect to the data security measures put in place. Judge Simon said they were “relatively strong claims.”
In addition to the $74 million, Premera Blue Cross has agreed to settle a separate multi-state lawsuit for $10 million. 30 state Attorneys General participated in the action.