Six details:
1. The Indianapolis-based health insurer’s settlement agreement is with a group of state attorneys general investigating the cyberattack.
2. In a Sept. 30 statement, Anthem said it “does not believe it violated the law in connection with its data security and is not admitting to any such violations in this settlement with the State Attorneys General.”
3. The $39.5 million settlement will close the last investigation into the hacking incident; Anthem previously paid $115 million to settle more than 100 class-action lawsuits alleging the company lacked proper data security protocols. Anthem also agreed to pay HHS $16 million to settle potential privacy violations.
4. The 2015 cyberattack resulted in the theft of 78.8 million customers’ personal information, including names, dates of birth and Social Security numbers.
5. To break into Anthem’s computer systems and steal business information and the records, hackers used a spearphishing technique, which is an email campaign embedded with hyperlinks. The email was sent out to Anthem employees, and when they clicked on the link, it downloaded a file that deployed malware that gave the hackers remote access to the system.
6. In 2019, a federal grand jury in Indianapolis indicted Fujie Wang in connection with the computer hacking. Mr. Wang is believed to be in Shenzhen, China, and it is not clear if the U.S. would be able to bring him to trial if he is apprehended.
More articles on cybersecurity:
‘It’s not a good week for healthcare’: Health system IT execs react to recent ransomware attacks
HHS tells hospitals to guard against Ryuk ransomware attack: 10 thinks to know
More than 5.5M health records breached in September
