Georgia joins 39.5M multi-state settlement in Anthem data breach
Attorney General Chris Carr

chris-carr
Attorney General Chris Carr
Attorney General Chris Carr

ATLANTA—Georgia Attorney General Chris Carr today announced that the state has joined a total $39.5 million 43-state settlement with Anthem Medicare Health Insurance plans stemming from the 2014 data breach that involved the personal information of 78.8 million Americans.

Through the settlement, Anthem has reached a resolution with the multi-state coalition. Georgia will receive $1,387,257.61 from the settlement. In addition to the payment, Anthem has also agreed to a series of data security and good governance provisions designed to strengthen its practices going forward.

“We considered many factors before joining this multistate investigation,” said Carr. “It is important to remember that in a world where cybersecurity threats are evolving, so too must our efforts to combat them. We believe Anthem is being an amicable partner in correcting this situation by taking the necessary measures to address the issue at hand. Georgia will continue to cross borders and work with private, public, state, local and federal partners to make sure that we eliminate the truly bad actors from the playing field.”

In February 2015, Anthem disclosed that cyber attackers had infiltrated its systems beginning in February 2014, using malware installed through a phishing email. The attackers were ultimately able to gain access to Anthem’s data warehouse, where they harvested names, dates of birth, Social Security numbers, healthcare identification numbers, home addresses, email addresses, phone numbers, and employment information for 78.8 million Americans. In Georgia, 3,726,249 residents were affected by the breach.

Under the settlement, Anthem has agreed to a series of provisions designed to strengthen its security practices going forward. Those include:

  • A prohibition against misrepresentations regarding the extent to which Anthem protects the privacy and security of personal information;
  • Implementation of a comprehensive information security program, incorporating principles of zero trust architecture, and including regular security reporting to the Board of Directors and prompt notice of significant security events to the CEO;
  • Specific security requirements with respect to segmentation, logging and monitoring, anti-virus maintenance, access controls and two factor authentication, encryption, risk assessments, penetration testing, and employee training, among other requirements; and
  • Third-party security assessments and audits for three (3) years, as well as a requirement that Anthem make its risk assessments available to a third-party assessor during that term.

In the immediate wake of the breach, Anthem offered an initial two years of credit monitoring to all affected U.S. individuals.

In addition to this settlement, Anthem previously entered into a class action settlement that established a $115 million settlement fund to pay for additional credit monitoring, cash payments of up to $50, and reimbursement for out-of-pocket losses for affected consumers. The deadlines for consumers to submit claims under that settlement have since passed.

 

On Common Ground News


Leave a Reply

Your email address will not be published. Required fields are marked *


About us

On Common Ground News is published daily by On Common Ground, Inc (OCGNEWS.COM). The newspaper serves DeKalb, Gwinnett, Rockdale and Metro Atlanta.

The opinions expressed by writers and contributors are not necessarily those of the publisher or the newspaper’s advertisers.

No portion of this newspaper may be reproduced in any form without the written permission of the publisher.

We reserve the right to reject material and advertisements we deem inappropriate.


On Common Ground News
P.O. Box 904
Lithonia, GA 30058


(770) 679-5607

editor@ocgnews.com


Latest News

Select list(s) to subscribe to


By submitting this form, you are consenting to receive marketing emails from: On Common Ground News, 1240 Sigman Road, Conyers, GA, 30012, http://www.ocgnews.com. You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact