30 States Sign $10M Settlement Agreement With Premera Blue Cross Over Security Breach
Attorneys general from 30 states, including California, Connecticut, Florida and New Jersey, signed the agreement.
July 11, 2019 at 06:26 PM
The original version of this story was published on Connecticut Law Tribune
A coalition of attorneys general from 30 states, including California, Connecticut, Florida and New Jersey, reached a $10 million settlement agreement with Premera Blue Cross over its alleged failure to secure consumer data.
According to the settlement agreement, Premera's insufficient data security gave a hacker access to health and personal information of more than 10.4 million consumers nationwide.
Washington state, where Premera is headquartered, led the multistate coalition.
Under the settlement, California will get $996,000 for about 400,000 affected residents. Connecticut will receive $52,642 for about 15,000 residents, New Jersey $72,168 for about 40,000 people, and Florida about $112,000 for 97,000 Floridians whose files were breached.
New York and Texas were among the 20 states that were not part of the settlement agreement.
The data breach, officials said, occurred from May 2014 to March 2015, when a hacker breached the Premera network and had access to clients' Social Security numbers, bank account information, phone numbers and member identification numbers.
The settlement requires Premera to take several steps. Among them: ensuring its data security program protects personal health information, regularly assessing and updating its security measures, hiring a chief information security officer in a position separate from the chief information officer, and holding regular meetings between that chief information security officer and the company's executive management. The company's compliance officer must also develop a process for evaluating risks, determining priorities and reviewing compliance plans.
“We are pleased to have reached an agreement with state attorneys general to resolve legal inquiries into the 2014 cyber attack on our data network,” Premera Blue Cross spokeswoman Dani Chung said in a statement Thursday. “The commitments we have agreed to are consistent with our ongoing focus on protecting personal consumer information.”
Connecticut Attorney General William Tong said the settlement requires the company to implement specific data-security controls to safeguard consumers' personal health information.
“Premera was repeatedly warned by cybersecurity experts about deficiencies in its security program, yet the company failed to fix its practices,” Tong said.
New Jersey Attorney General Gurbir Grewal suggested the agreement should prompt corporations to be vigilant against breaches.
“As today's settlement shows, companies that fall short will be held accountable, face penalties, and be required to improve their systems to prevent future harm to even more customers,” he said.
Grewal's office said separate class action litigation over the breach resulted in a proposed settlement in June that requires Premera Blue Cross to make $42 million in cybersecurity upgrades.
© 2024 ALM Global, LLC, All Rights Reserved.