Anthem will pay a record $16 million to settle potential privacy violations stemming from its massive data breach 2015 data breach which compromised the data of nearly 80 million current and former patients.
The settlement amount is reportedly three times larger than the previous record amount paid to the governments in privacy cases.
The company also agreed to a corrective action plan under government monitoring, which involves a process for the company to assess its electronic security risks, take appropriate countermeasures and maintain ongoing surveillance, according to the Associated Press.
The incident resulted in the leak of sensitive personal information which included names, dates of birth, member IDs and Social Security numbers, addresses, phone numbers, email addresses and employment information, including income data.
“Anthem takes the security of its data and the personal information of consumers very seriously,” the company said in a statement. “We have cooperated with (the government) throughout their review and have now reached a mutually acceptable resolution.”
The breach is a prime example in a long list of events in which healthcare and third-party providers have been a prime target for cybercriminals as they have been struggling to implement technology without the in-depth resources to adequately protect healthcare data and devices, Matan Or-El, co-founder and CEO of Panorays, told SC Media.
“Third-party security is a rising problem since security teams have no visibility – or control, over the systems of their suppliers,” Or-El said. “Additionally, hackers are targeting third-party systems and software that is used across healthcare organizations to make an industry-wide grab for data.”
Or-El added that these problems are exacerbated with the ever-expanding number of suppliers accessing the company’s data. To address this, he said healthcare organizations should establish security benchmarks which third party vendors are required to meet and to continuously monitor digital assets.