Premera Blue Cross agrees to $74M settlement after exposing 10.6 million patients

Mackenzie Garrity - Print  | 

Premera Blue Cross has agreed to settle a data breach lawsuit that was brought against the insurer after a cyberattack in May 2014 exposed 10.6 million patients.

The insurer announced in 2015 that the cyberattack had occurred, prompting the plaintiffs to file a class action lawsuit in the U.S. District Court of Oregon. In the data breach, patients' names, dates of birth, social security numbers and protected health information were exposed.

Premera has agreed to pay $32 million to resolve the lawsuit. The money will pay for patients who file claims to receive two additional years of credit monitoring and identity protection services. Patients who were affected can also file claims for cash payments.

Additionally, Premera has agreed to pay a minimum of $42 million to fund a new information security program over the next three years. The insurer will incorporate these changes:

"We are pleased to be putting this litigation behind us, and to be providing additional substantial benefits to individuals whose data was potentially accessed during the cyberattack. Premera takes the security of its data and the personal information of its customers seriously and has worked closely with state and federal regulators and their security experts," Premera's Executive Vice President and CIO Mark Gregory said in a news release.

More articles about health IT:
HHS OIG warns against genetic testing scam
Battle of the coasts: How Boston-based digital health companies compete with Silicon Valley for tech talent
Smaller tech 'tweaks' add up to make a big impact on clinical care

© Copyright ASC COMMUNICATIONS 2019. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

To receive the latest hospital and health system business and legal news and analysis from Becker's Hospital Review, sign-up for the free Becker's Hospital Review E-weekly by clicking here.