Skip to main content

Anthem to Pay $39.5M to Settle 2015 Cyber-Attack

Analysis  |  By John Commins  
   September 30, 2020

Anthem disclosed in February 2015 that hackers had infiltrated its systems beginning in February 2014 using malware installed through a phishing email.

Anthem Inc. on Wednesday announced that it had reached a multistate settlement that resolves a months-long 2015 data breach that exposed the personal information of 78.8 million customers nationwide.

Calling itself "a victim of a sophisticated state-sponsored criminal attack group," the Indianapolis-based health insurer said it had cooperated with state attorneys general throughout the investigation before agreeing to the settlement.

Anthem disclosed in February 2015 that the hackers had infiltrated its systems beginning in February 2014 using malware installed through a phishing email.

"The company is pleased to have resolved this matter, which is the last open investigation related to the 2015 cyber-attack," Anthem said in a media release. "Anthem does not believe it violated the law in connection with its data security and is not admitting to any such violations in this settlement with the state attorneys general."

The breach gave hackers access to Anthem's data warehouse, where they stole names, dates of birth, Social Security numbers, healthcare identification numbers, home addresses, email addresses, phone numbers, and employment information.

Anthem will also adhere to more stringent data security and good governance provisions designed to strengthen its practices going forward.   

The settlement already cost Anthem $115 million to establish a class action settlement fund for credit monitoring and payments of up to $50 for customers.  

“The company is pleased to have resolved this matter, which is the last open investigation related to the 2015 cyber-attack.”

John Commins is a content specialist and online news editor for HealthLeaders, a Simplify Compliance brand.

Photo credit: ck photo ID: 329315444 INDIANAPOLIS - CIRCA OCTOBER 2015: Anthem World Headquarters, Indianapolis, IN / Jonathan Weiss / Shutterstock


KEY TAKEAWAYS

The breach exposed names, dates of birth, Social Security numbers, healthcare identification numbers, home addresses, email addresses, phone numbers, and employment information.

In addition to the fine, Anthem will adhere to more stringent data security and good governance provisions designed to strengthen its practices going forward.   

The settlement already cost Anthem $115 million to establish a class action settlement fund for credit monitoring and payments of up to $50 for customers. 


Get the latest on healthcare leadership in your inbox.