Monday - August 19, 2019
AG Reaches Deal on Data Breach
Written by Bruce Ferrell   
Thursday, 11 July 2019 13:53

RALEIGH -- Attorney General Josh Stein  and other attorneys general reached a $10 million multistate settlement with health insurance company Premera over its failure to secure sensitive consumer data, which exposed the personal and protected health information of more than 10.4 million consumers to a hacker for almost a year.

“Premera’s failure to address known vulnerabilities in its security practices gave a hacker easy access to millions of people’s personal information and health details,” said Attorney General Josh Stein. “Businesses have to do better safeguarding consumer and patient data. My office will continue to hold them accountable if they fail to do so.”

From May 5, 2014, until March 6, 2015, a hacker had unauthorized access to the Premera network and consumers’ sensitive personal information, including private health information, Social Security numbers, bank account information, names, addresses, phone numbers, dates of birth, member identification numbers, and email addresses. The hacker took advantage of multiple known weaknesses in Premera’s data security – cybersecurity experts and the company’s auditors had warned Premera about these inadequacies, but the company failed to sufficiently address them.

In their complaint, the coalition of 30 attorneys general assert that the company failed to meet its obligations to safeguard information and protect data under the federal Health Insurance Portability and Accountability Act (HIPAA) and violated North Carolina’s law against unfair and deceptive trade practices. Premera also misled consumers about its privacy practices after the breach became public, telling consumers there was “no reason to believe that any of your information was accessed or misused,” and claiming that, “there were already significant security measures in place to protect your information.”

Under the settlement, Premera will pay $10 million to the states, implement specific data security controls intended to protect personal health information, annually review its security practices and provide data security reports to the attorneys general, and hire a chief information security officer to maintain data security.

Attorney General Stein is joined in today’s multistate settlement by the Attorneys General of Alabama, Alaska, Arizona, Arkansas, California, Connecticut, Florida, Hawaii, Idaho, Indiana, Iowa, Kansas, Kentucky, Louisiana, Massachusetts, Minnesota, Mississippi, Montana, Nebraska, Nevada, New Jersey, North Dakota, Ohio, Oklahoma, Oregon, Rhode Island, Utah, Vermont, and Washington.

Last Updated on Thursday, 11 July 2019 16:57
 
Banner
Banner
Banner
Banner
Banner
Banner
Banner

 

NCNN is a division of Curtis Network Group, Inc.
3012 Highwoods Blvd. - Suite 201 - Raleigh, NC 27604
Office/Sales: 919-790-9392 | Newsroom: 919-878-1724
Copyright © 2018 - Curtis Media Group, Inc.