Jessica Davis reports:
Premera Blue Cross reached a proposed $74 million settlement with the 11 million patients impacted by its 2014 breach, caused by a sophisticated cyberattack that lasted for nearly one year before it was discovered.
In January 2015, Premera officials discovered the breach that began nearly a year earlier in May 2014. Premera, Premera Blue Cross Blue Shield of Alaska, and the insurer’s affiliates, Vivacity and Connexion Insurance Solutions were impacted, as well as patients who sought treatment in Alaska or Washington during that time period.
The breached data included member and applicant names, dates of birth, Social Security numbers, bank account information, claims data, member identification numbers, and some clinical data.
Read more on Health IT Security.
Lawsuits over data breaches are a dime a dozen, but this litigation had a higher likelihood of settling due to a number of factors. You can read previous news coverage of the breach and litigation on this site by following the links from these search results, but for now, I’ll just end this post with a quote from research by Sasha Romanosky, Hoffman, and Acquisti (2013):
In addition, we find that that the odds of a firm being sued are 3.5 times greater when individuals suffered financial harm, but over 6 times lower when the firm provides free credit monitoring to those affected by the breach. Moreover, the odds of a firm being sued as a result of improperly disposing data are 3 times greater relative to breaches caused by lost/stolen data, and 6 times greater when the data breach involved the loss of financial information. Our analysis suggests that defendants settle 30% more often when plaintiffs allege financial loss from a data breach, or when faced with a certified class action suit. The odds of a settlement are found to be 10 times greater when the breach is caused by a cyber-attack, relative to lost or stolen hardware, and the compromise of medical data increases the probability of settlement by 31%.