A national insurance company, Anthem, has agreed to pay Arizona a paltry $280,000 to resolve allegations stemming from a 2014 data breach that involved the personal information of 78.8 million Americans.
According to Anthem, the data breach extended into multiple brands the company uses to market its healthcare plans, including, Anthem Blue Cross, Anthem Blue Cross and Blue Shield, Blue Cross and Blue Shield of Georgia, Empire Blue Cross and Blue Shield, Amerigroup, Caremore, UniCare, and Healthlink.
The settlement with the Arizona Attorney General’s Office (AGO) is part of a $39.5 million settlement with 43 total states and the District of Columbia. In addition to the payment, Anthem has also agreed to a series of data security and good governance provisions.
In February 2015, Anthem disclosed that cyber attackers had infiltrated its systems beginning in February 2014, using malware installed through a phishing email. The attackers were ultimately able to access Anthem’s data warehouse, where they harvested names, dates of birth, Social Security numbers, healthcare identification numbers, home addresses, email addresses, phone numbers, and employment information for 78.8 million Americans.
In Arizona, over 400,000 residents were affected by the breach.