Anthem, a well-known health insurance business that serves more than 100 million people in the United States, was the victim of a large data breach that occurred around the end of 2014. Through the use of bogus email, fraudsters from other countries were able to obtain access to Anthem’s computer systems, which enabled them to breach the personal data of millions of members.
The public became aware of the data breach that occurred at the beginning of 2015, which caused shockwaves throughout the membership of the firm and resulted in the corporation incurring hundreds of millions of dollars in legal expenses and recovery costs. Since that time, the healthcare industry in the United States has referred to this breach as one of the most devastating cyber catastrophes, which has spurred a national conversation on the necessity of data security.
$115 Million Settlement in Massive Anthem Breach Case
Anthem will pay an unprecedented sum of $115 Million Settlement to settle a class-action lawsuit that was brought about as a consequence of a data breach that occurred in 2015 and exposed the personal information of around 80 million members and workers. The organization has agreed to allocate cash for the strengthening of cybersecurity measures, in addition to offering credit protection for two years and paying out-of-pocket expenditures totalling fifteen million dollars for people who were affected.
The sum of the payout is among the highest amounts ever paid out as a settlement for a data breach, surpassing the $115 Million Settlement that Anthem had insured itself against cyberattacks at the time of the theft. The payer is likely relieved to put a stop to the matter since it was subjected to severe criticism for both its management of the breach and its degree of preparedness, or lack thereof.
MobilityWare app privacy class action settlement
$1.5 Million Class Action Settlement
Overview of $115 Million Settlement in Massive Anthem Breach Case
| Article Title | $115 Million Settlement in Massive Anthem Breach Case |
| Amount | $115 Million |
| Post type | Finance |
Context of these breaches
According to a report from the California Department of Insurance, the first security breach occurred in February 2015 when an employee followed a link in a phishing email. It is quite probable that a government inside another country caused the breach.
The audit also found that Anthem had installed proper protections for its data and had reacted in a “quick and effective” way to the situation. Anthem was penetrated by a simple password breach and failed to encrypt critical information, even though the company was aware of the cybersecurity issues that were revealed during an audit in 2013.
Moreover, it was fined for the fact that it did not tell anybody who was impacted for a few weeks. It is very uncommon for a firm to spend months without becoming aware of a breach, and it is quite improbable that the breach would be successful without causing a severe financial loss. As a consequence of breaches of health data, the healthcare industry in the United States suffers yearly losses of $6.2 billion.
Information Regarding the Data Breach at Anthem
On February 18, 2014, a phishing technique was used by the Chinese cybercriminal organization Deep Panda to deceive an employee of Anthem into opening a malicious email. The email included harmful content. By opening the email, the criminals were able to infect the employee’s computer with malicious software.
Through the use of this malicious software, Deep Panda was able to successfully move across Anthem’s networks and ultimately get access to more than fifty employee accounts and ninety different systems. The data warehouse of the corporation, which had the information of millions of Anthem subscribers, was one of the systems that were included in this category.
Following their successful breach of Anthem’s data warehouse, the hacker began the process of downloading data from this system. Private information, including names, birthdates, Social Security numbers, health care identifying numbers, contact details (including email addresses and home locations), and income information, were included in these reports. These reports also included information on salaries. We are very fortunate that the members’ credit card information, medical data, and claims information were not found to be compromised.
Anthem discovered the information on the incident on January 27, 2015, which was over a month after unauthorized parties accessed the data warehouse. The firm promptly informed the federal authorities about the occurrence within a few days of its occurrence. The next week, on February 4, 2015, Anthem issued a printed press release to the general public to tell them of the data breach that had occurred.
Later in the month, the company decided to use the services of a cybersecurity consulting firm to investigate the reason for the breach and devise strategies to prevent breaches of a similar kind in the future. The Department of Justice of the United States finally brought charges against several Chinese hackers who were associated with Deep Panda for their participation in the events that occurred in the years that followed.
Anthemās solution
In response to the highly skilled attack, Anthem adopted a variety of procedures that were designed to improve security and prevent incidents from occurring. In addition to notifying the appropriate federal authorities of the breach and sending out emails to customers who were affected, they hired a cybersecurity consultancy to investigate the attack and devise countermeasures.
Additionally, Anthem agreed to pay a record-breaking sixteen million dollars as part of the HIPAA settlement, in addition to putting into effect a comprehensive corrective action plan in line with HIPAA laws. A comprehensive enterprise-wide risk analysis, regular evaluations of information system activity, the identification and management of security concerns that have been proven or suspected, and the adoption of appropriate minimum access limitations were all components of this method.
The costs of recovery are enormous.
Because of the security breach, the firm had to pay significant fees for recovery. According to the facts, Anthem is expected to incur damages of close to 260 million dollars as a result of the occurrence. As a result of the company’s analysis of these expenditures, they discovered that the process of informing the general public about the security breach cost them more than thirty million dollars.
In an attempt to assist people who were affected by the tragedy, Anthem later committed a total of $112 million to provide these members with protection against identity theft and monitoring of their credit reporting. Following that, the company spent an additional $2.5 million to hire experienced consultants to assist with the investigation from that point on.
The falling away of goodwill
As a result of the event, an extensive amount of criticism was directed at Anthem by its members, the media, and security experts. Even though Anthem has a variety of cybersecurity precautions and an incident response plan in place, which helped reduce damages when the hack was detected, the company has been criticized for its questionable data protection methods.
Tuna Price-Fixing Class Action SettlementĀ
Macyās CVC Sheets $10.5 M Class Action SettlementĀ
Specifically, the company failed to encrypt the records that were kept in its data warehouse, which was a vital measure that might have stopped Deep Panda from gaining access to sensitive information about its members and considerably decreased the overall impact of the incident.
Enhanced Safety and Protection
Anthem will be required to ensure that information security receives a specific amount of funding in addition to implementing or maintaining several specific changes to its data security systems. These changes may include encrypting specific data and archiving sensitive data under strict access controls. In addition, Anthem will be required to ensure that such changes are implemented or maintained.
| Home Page | https://baltimoreoutloud.com/wp/ |
In addition to compensating class members and protecting them from any future dangers, the settlement intends to develop appropriate cybersecurity practices to prevent data breaches of this kind.
Calista Embry is a finance journalist who graduated from Johns Hopkins University. She has a passion for writing and researching the impact of finance on social life.