Anthem Settles Data Breach Litigation for $115m

by | Jun 27, 2017

The largest data breach settlement officially recorded has been agreed by the health insurer Anthem Inc.

Anthem suffered the largest healthcare data breach ever reported in 2015, with s cyberattack leading to the theft of 78.8 million records of current and former health plan clients. The breach included names, addresses, Social Security numbers, emails, birth dates and employment/income information.

The scale of the data breach resulted in many class-action lawsuits, with in excess of 100 lawsuits consolidated by a Judicial Panel on Multidistrict Litigation. Now, two years later, Anthem has agreed to settle the litigation for $115 million. If this settlement is approved it will be largest single data breach settlement ever

After suffering the data breach, Anthem made an offer of two years complimentary credit monitoring services to all affected plan members. The proposed settlement will, in part, be used to fund a further two years of credit monitoring services.

The alternative options available are:

  • People who have already signed up for the credit monitoring services previously offered may be permitted to receive a cash payment of $36 in lieu of the additional two years of cover or
  • Up to $50 if funds are still available.

This settlement also includes a sum of $15 million fund to cover out-of-pocket expenses incurred by the plaintiffs, which will be ruled on by a case-by-case basis for as long as there are funds remain available.

In addition to this Anthem has also agreed to put aside ‘a certain level of funding’ to make enhancements to its cyber security defenses and systems, including the use of improved encryption to secure data at rest. Anthem will also be making alterations to how it archives sensitive data and will be putting in place stricter access controls. While the settlement has been agreed, Anthem has not accepted responsibility for any wrongdoing.

Anthem Spokesperson Jill Becher outlined that while data were obtained in the cyber  attack, Anthem has not found evidence to suggest any of the information stolen in the cyberattack was used to commit fraud or was sold on for profit. Becher also stated, “We are pleased to be putting this litigation behind us, and to be providing additional substantial benefits to individuals whose data was or may have been involved in the cyberattack and who will now be members of the settlement class.”

While the decision to settle has been agreed upon, the settlement must now be approved by the U.S. District judge in California ruling on the case. District Judge Lucy Koh will hear the case on August 17, 2017.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy