Health insurance company Premera Blue Cross has agreed to a $72 million proposed settlement that would resolve a contentious class-action lawsuit stemming from a 2014 data breach affecting roughly 10.6 million people.
Pending court approval and barring further appeals, the deal would require Premera to pay $42 million to fund comprehensive remedial measures and injunctive relief in the form of information security program improvements and business practice changes over the next three years, according to a motion filed on May 30 in Oregon District Court.
To that end, Premera has committed to "encrypting, archiving, and maintaining protected environments for data; requiring two-factor authentication for remote access for all personnel and vendors; performing various audits and testing exercises, and collecting and maintaining logs of covered information systems; operating a Cyber Security Operations Center; employing a Chief Information Security Officer; requiring Information Security training for its associates, etc." according to the motion.
Please register to continue.
Already registered? Log in.
Once you register, you'll receive:
The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.
Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.
SC Media’s essential morning briefing for cybersecurity professionals.
One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.