Anthem has agreed to pay $39.5 million to settle allegations of inadequate data security related to a 2015 cyberattack that exposed the personal information of nearly 79 million individuals, according to a Sept. 30 Indiana Business Journal report.
Six details:
1. The Indianapolis-based health insurer's settlement agreement is with a group of state attorneys general investigating the cyberattack.
2. In a Sept. 30 statement, Anthem said it "does not believe it violated the law in connection with its data security and is not admitting to any such violations in this settlement with the State Attorneys General."
3. The $39.5 million settlement will close the last investigation into the hacking incident; Anthem previously paid $115 million to settle more than 100 class-action lawsuits alleging the company lacked proper data security protocols. Anthem also agreed to pay HHS $16 million to settle potential privacy violations.
4. The 2015 cyberattack resulted in the theft of 78.8 million customers' personal information, including names, dates of birth and Social Security numbers.
5. To break into Anthem's computer systems and steal business information and the records, hackers used a spearphishing technique, which is an email campaign embedded with hyperlinks. The email was sent out to Anthem employees, and when they clicked on the link, it downloaded a file that deployed malware that gave the hackers remote access to the system.
6. In 2019, a federal grand jury in Indianapolis indicted Fujie Wang in connection with the computer hacking. Mr. Wang is believed to be in Shenzhen, China, and it is not clear if the U.S. would be able to bring him to trial if he is apprehended.