Anthem To Pay $150,000 To Settle Personal Data Breach Allegations
On Monday, California Attorney General Kamala Harris (D) announced a settlement with Anthem Blue Cross over an alleged data breach that compromised the personal information of 33,756 Anthem members, Healthcare IT News reports (McCann, Healthcare IT News, 10/2).
Details of Alleged Breach
According to state officials, Anthem included Social Security numbers as part of a priority code on marketing mailers and payment letters that were sent to Medicare beneficiaries between April 2011 and March 2012. The code and Social Security number could be seen through the envelope window, according to the state (Robertson, Sacramento Business Journal, 10/2).
Harris said that the action was a violation of state law restricting disclosure of Social Security numbers.
The state filed a complaint against Anthem in Los Angeles Superior Court (Conn, Modern Healthcare, 10/2).
Corrective Action
In a statement, Anthem said that it suspended mailings as soon as the company became aware of the problem. Officials said, "There is no indication of a data breach or that any information from these mailings was used in a way that was detrimental to our members."
The insurer then mailed letters to affected members notifying them of the issue and offering them one year of no-cost credit monitoring services.
Anthem also implemented training and processes to correct the error and developed an alert system that will notify officials when sensitive data are requested by the marketing department (Sacramento Business Journal, 10/2).
Details of Settlement
Anthem will pay $150,000 to settle the allegations and implement a number of procedural changes (Modern Healthcare, 10/2).
The changes Anthem has agreed to make include:
- Implementing new technical safeguards for its data management system;
- Providing enhanced data security training for all associates; and
- Restricting employee access to members' Social Security numbers.
The changes must be implemented within a 90-day period (Healthcare IT News, 10/2).
Anthem did not admit any wrongdoing as part of the settlement (Modern Healthcare, 10/2). This is part of the California Healthline Daily Edition, a summary of health policy coverage from major news organizations. Sign up for an email subscription.