Health insurance company Anthem says it will pay $115 million to settle a class-action lawsuit regarding a 2015 cyberattack in which the personal information of some 80 million people — members and employees — was stolen.
The settlement, according to Healthcare Dive, is “the largest amount ever for a data breach settlement … .” Anthem had a $100 million insurance policy for cyberattacks when the breach occurred.
“This was one of the largest cyber hacks of an insurance company’s customer data,” California Insurance Commissioner Dave Jones said in a statement. “Insurers have an obligation to make sure consumers’ health and financial information is protected.
The company received its fair share of controversy, too, after having reportedly failed to bolster its cybersecurity after a 2013 audit which found inadequate security infrastructure. It was also slow to inform the affected people, most of whom were notified several weeks after the attack.
Part of the settlement also requires Anthem to strengthen its cybersecurity infrastructure to better ward future breach attempts. According to the plaintiffs’ lawyers, that includes “encryption of certain information and archiving sensitive data with sensitive access controls.”