AG Slatery Joins $39.5 Million Data Breach Settlement

Nashville, TN- Attorney General Herbert H. Slatery III has joined a $39.5 million settlement with Anthem stemming from the massive 2014 data breach. Through the settlement, Anthem has reached a resolution with the 43-state coalition and California. Tennessee will receive $400,556.46 from the settlement.

In February 2015, Anthem disclosed that cyber attackers had infiltrated its systems. The attackers harvested names, dates of birth, Social Security numbers, healthcare identification numbers, home addresses, email addresses, phone numbers, and employment information for 78.8 million Americans. In Tennessee, 773,763 residents were known to have been affected by the breach.

“Consumers’ sensitive personal health information should always be given the strongest protections,” said General Slatery. “This massive breach at a major insurer affected hundreds of thousands of Tennesseans, and this settlement affirms that it is critical for companies to use the highest levels of security when it comes to this kind of data.”

In addition to the payment, Anthem has also agreed to a series of data security and good governance provisions which include:

• a prohibition against misrepresentations regarding the extent to which Anthem protects the privacy and security of personal information;
• implementation of a comprehensive information security program, including regular security reporting to the Board of Directors and prompt notice of significant security events to the CEO;
• specific security requirements with respect to segmentation, logging and monitoring, anti-virus maintenance, access controls and two factor authentication, encryption, risk assessments, penetration testing, and employee training, among other requirements; and
• third-party security assessments and audits for three (3) years.

To read the Agreed Final Order, click here: https://www.tn.gov/content/dam/tn/attorneygeneral/documents/pr/2020/pr20-43-order.pdf

The Connecticut Office of the Attorney General led the multistate investigation, assisted by the Attorneys General of Illinois, Indiana, Kentucky, Massachusetts, Missouri, and New York, and joined by the Attorneys General of Alaska, Arizona, Arkansas, Colorado, the District of Columbia, Delaware, Florida, Georgia, Hawaii, Idaho, Iowa, Kansas, Louisiana, Maine, Maryland, Michigan, Minnesota, Mississippi, Nebraska, New Hampshire, New Jersey, Nevada, North Carolina, North Dakota, Ohio, Oklahoma, Oregon, Pennsylvania, Rhode Island, South Carolina, Tennessee, Texas, Virginia, Washington, West Virginia, and Wisconsin.

###

#20-43:  AG Slatery Joins $39.5 Million Data Breach Settlement