FORT WAYNE, Ind. (WPTA21) — Indiana and Ohio are getting a payout as a part of a multi-state settlement with a health insurance company that failed to secure sensitive consumer data.
The settlement comes as Premera Blue Cross had sensitive consumer data exposed by a hacker. The complaint says the company neglected to address known cybersecurity vulnerabilities that the hacker took advantage of to access protected health information.
For years before the breach, the complaint says cybersecurity experts and the company’s own auditors repeatedly warned Premera of its inadequate security program, yet the company accepted many of the risks without fixing its practices.
After the breach became public, Premera’s call center agents told consumers there was “no reason to believe that any of your information was accessed or misused.”
Wednesday’s settlement requires Premera to:
Additionally, Premera must pay $10 million total to the 30 states involved in the settlement in addition to any amount Premera will be paying as a result of a proposed class action settlement.