Montana A.G. Fox: Attorney General Fox Obtains Data Breach Settlement From Premera Blue Cross
Attorney General
In today's complaint, filed simultaneously with the terms of the negotiated settlement, Attorney General Fox asserts the company failed to meet its obligations under the federal Health Insurance Portability and Accountability Act (HIPAA) and violated the state Consumer Protection Act by not addressing known cybersecurity vulnerabilities that gave a hacker unrestricted access to protected health information for almost one year. "This litigation marks the first time
From
Under the settlement, Premera will pay a combined total of
The complaint asserts that Premera misled consumers nationwide about its privacy practices in the aftermath of the data breach. After the breach became public, Premera's call center agents told consumers there was "no reason to believe that any of your information was accessed or misused." They also told consumers that "there were already significant security measures in place to protect your information," even though multiple security experts and auditors warned the company of its security vulnerabilities prior to the breach.
Under HIPAA, Premera is required to implement administrative, physical and technical safeguards that reasonably and appropriately protect sensitive consumer information. Premera repeatedly failed to meet these standards, leaving millions of consumer's sensitive data vulnerable to hackers.
Today's settlement also requires Premera to:
* Ensure its data security program protects personal health information as required by law;
* Regularly assess and update its security measures;
* Provide data security reports, completed by a third-party security expert approved by the multistate coalition, to the
* Hire a chief information security officer, a separate position from the chief information officer. The information security officer must be experienced in data security and HIPAA compliance and will be responsible for implementing, maintaining and monitoring the company's security program;
* Hold regular meetings between the chief information security officer and Premera's executive management. The information security officer must meet with Premera's CEO every two months and inform the CEO of any unauthorized intrusion into the Premera network within 48 hours of discovery.
In addition to
If any Montanans believe they have been the victim of identity theft resulting from this breach or any other, they can contact
Barry’s outer bands begin hitting southeastern Louisiana
Nevada A.G. Ford Joins Multistate Settlement Against Premera for Failure to Protect Sensitive Data of Millions Nationwide
Advisor News
Annuity News
Health/Employee Benefits News
Life Insurance News