The HIPAA Guide - Celebrating Over 15 Years Online

Anthem’s $115 Million Data Breach Settlement Finally Approved

August 21, 2018HIPAA Breaches, Violations, and Fines0

Anthem Data Breach Settlement

Anthem Inc. proposed a $115 million settlement in 2017 to resolve the class action lawsuits filed by the victims of its 78.8 million-record data breach in 2015. The proposal was finally approved on August 16, 2018.

The Anthem cyberattack resulted in the theft of plan members’ names, dates of birth, healthcare insurance data, Social Security numbers and other data. Several class-action lawsuits were filed in the months after the announcement of the breach, and due to the similarity of the lawsuits they were consolidated by the Judicial Panel for Multidistrict Litigation into a single lawsuit in June 2015. The case was allocated to the U.S District Court for the Northern District of California.

Anthem did take steps to reduce the potential for financial harm and offered breach victims 24 months of credit monitoring services free of charge, but many breach victims personally paid for credit monitoring and identity theft protection services and incurred other expenses as a result of the breach. The settlement will ensure that those out-of-pocket expenses are reimbursed.

In her opinion, U.S. District Judge Lucy H. Koh said the settlement amount was ““fair, reasonable, and adequate.” In addition to covering the out-of-pocket expenses, class members have also been offered a further 24 months of credit monitoring services without charge and gives class members “timely, certain, and meaningful recovery.” Had the settlement been rejected it would have delayed reimbursement of out-of-pocket expenses, and there was no guarantee that continued legal action would have resulted in a settlement had the case gone before a jury. There were several objections to the settlement, although Judge Koh determined that none were valid.

Class members who have yet to pay for additional credit monitoring services will be able to register for them by submitting a simple form. Class members who have already paid for those services will be eligible to receive a cash payment, provided they submit details of the company and credit monitoring services they have purchased. The cash alternative will be a maximum of $50 per class member. Judge Koh believed the fund to cover the cash payments is adequate.

The settlement also includes a fund of $15 million for individuals who have had to cover additional expenses as a result of the breach. Only 1.33 million breach victims have submitted a claim. For those individuals, the maximum payment to reimburse costs is $10,000. Proof of expenses will be required.

HIPAA
Compliance
Checklist

Simple Guidelines
Immediate PDF Download

Immediate Access

Privacy Policy

Anthem has also agreed to implement additional security controls to make sure sensitive information is better safeguarded. Those measures include the use of encryption and improvements to its data security processes.

About Liam Johnson
Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: https://www.linkedin.com/in/liamhipaa/

Copyright © 2007-2024 The HIPAA Guide       Site Map      Privacy Policy       About The HIPAA Guide       Terms and Conditions       Accessibility Statement