A federal district judge has approved a $74 million settlement to resolve a class action lawsuit against Premera Blue Cross for a 2014 data breach, according to the HIPAA Journal.
At the time, Premera Blue Cross was alerted that vulnerabilities existed in its network. However, the insurer failed to take action and more than 10.6 million patient records were exposed.
Per the settlement, Premera Blue Cross will set aside $32 million for people affected by the breach. Of the $32 million for patients, $10 million will go toward reimbursing people's costs incurred from the breach.
Premera Blue Cross will allocate $42 million to improving its security over the next three years.
"Improved data security benefits all class members, even if they are no longer insured by Premera or a related Blue Cross entity, because sensitive information remains stored on Premera's servers," the judge wrote.
Additionally, Premera Blue Cross settled a $10 million lawsuit with 30 states for failure to address the security risks. The data breach remains under investigation within the HHS Office for Civil Rights, reports the HIPAA Journal.