Massachusetts A.G. Healey: Health Insurer to Pay $10 Million in National Settlement Over Data Breach Affecting Sensitive Information of Millions
* * *
- Breach Exposed the Personal Information of 37,626 Massachusetts Residents; State to Receive More Than
* * *
The 30 state attorneys general involved in the settlement allege Premera failed to meet its obligations under the federal Health Insurance Portability and Accountability Act (HIPAA) and violated the state consumer protection law by not addressing known cybersecurity vulnerabilities that gave the hacker unrestricted access to protected health information for almost a year.
"This company's repeated disregard for the weaknesses in its data security system left millions of Americans' sensitive information vulnerable to hackers," said AG Healey. "Our settlement requires the company to improve its data security practices and stop putting consumers' data at risk of being breached."
According to the complaint filed with today's settlement in
In the complaint, the attorneys general also allege Premera misled consumers nationwide about its privacy practices in the aftermath of the data breach. When the hacking incident became public, the company told consumers their information was not accessed or misused and that the company had significant security measures in place to protect consumer information, even though multiple security experts and auditors warned the company of its security vulnerabilities prior to the breach.
Under HIPAA, health insurers like Premera are required to implement administrative, physical, and technical safeguards that reasonably and appropriately protect sensitive consumer information.
In addition to the
* Ensure its data security program protects personal health information as required by law;
* Regularly assess and update its security measures;
* Provide data security reports completed by a third-party security expert; and,
* Hire a chief information security officer experienced in data security and HIPAA compliance who will be responsible for implementing the company's security program and will meet regularly with Premera's executive leadership.
Joining AG Healey in today's multistate settlement are attorneys general from
This case was handled by Assistant Attorney General