Blue Cross insurance will be pay $10M USD fine for data breach
According to reports from information security experts, Premera Blue Cross, the Pacific’s largest insurer, agreed to pay about $10 million in 30 states after a data breach incident was revealed that compromised the more than 10 million people in the U.S.
The company reached an agreement with the
Washington Attorney General’s Office; the agreement was filed after Permera
paid more than $70M USD to resolve a class action filed by users affected by
the incident.
The plaintiffs claim that a group of information
security experts had warned the company about serious security vulnerabilities
in their systems and their poor update patches policy. The lawsuit accuses the
company of not meeting its data protection obligations as set forth in the
Federal Health Insurance Portability and Accountability Act (HIPAA).
The Washington attorney general’s office says
the company was aware of its security flaws; “The company internal
information security staff warned Premera on multiple occasions; apparently,
the company decided not to give importance to the advice of their own experts”,
added Bob Ferguson, Washington Attorney General.
The data
breach remained from May 2014 until its detection in March 2015.
According to specialists from the International Institute of Cyber Security
(IICS), hackers were able to access confidential information of Premera
customers, such as clinical history, bank details, and social security numbers,
among others. In total, 1 million 400 thousand customers of the company, mainly
inhabitants of the West Coast, were affected.
Premera agreed to pay $5.4 million to
Washington State; the rest of the compensation will be shared among the other
states involved. According to the experts of the International Cyber Security
Institute (IICS), the company also undertook to update its data protection
policies, and will also have to submit periodic reports to the relevant
authorities.
The agreement still requires the approval of
judges from other states, as they require the company to provide two years of
credit monitoring and identity fraud protection services to affected users.
(Visited 6 1 times)
(function(d, s, id){
var js, fjs = d.getElementsByTagName(s)[0];
if (d.getElementById(id)) {return;}
js = d.createElement(s); js.id = id;
js.src = "http://connect.facebook.net/en_US/sdk.js#xfbml=1&version=v2.6";
fjs.parentNode.insertBefore(js, fjs);
}(document, 'script', 'facebook-jssdk'));(function(d, s, id) {
var js, fjs = d.getElementsByTagName(s)[0];
if (d.getElementById(id)) return;
js = d.createElement(s); js.id = id;
js.src = 'https://connect.facebook.net/en_US/sdk.js#xfbml=1&version=v3.2';
fjs.parentNode.insertBefore(js, fjs);
}(document, 'script', 'facebook-jssdk'));
Source link
Gloss