The New York Attorney General ('AG'), Letitia James, announced, on 30 September 2020, that she, along with 42 AGs, had entered into a $39.5 million settlement with Anthem, Inc. over a 2014 data breach affecting the personal information of 78.8 million customers nationwide, in violation of the Health Insurance Portability and Accountability Act of 1996 ('HIPAA'). In particular, the AG outlined that the data breach resulted in unauthorised actors gaining access to Anthem's data warehouse, where Anthem harvested names, dates of birth, social security numbers, health care identification numbers, home addresses, email addresses, phone numbers, and employment information. In addition, the AG noted
News
USA: AGs reach $39.5 million settlement with Anthem over 2014 data breach
October 1, 2020
Summary
The New York Attorney General, Letitia James, and 42 other AGs reached a $39.5 million settlement with Anthem, Inc. over a 2014 data breach that compromised the personal information of 78.8 million customers. The breach involved unauthorized access to Anthem's data warehouse and exposed sensitive data including social security numbers and health care identification numbers. Anthem is required to enhance its security protocols, adopt zero trust architecture, undergo regular security reporting, and submit to third-party security assessments for three years. The settlement also mandates specific security measures such as segmentation, logging, anti-virus maintenance, access controls, two-factor authentication, encryption, and penetration testing.