Premera pays millions of individual victims and 30 states in HIPAA Data Breach class action

Premera Blue Cross, the largest health care plan in the Pacific Northwest, was targeted by hackers over the course of 10 months starting in May 2014.

During the episode, patient social security numbers, medical records, names and bank account numbers were compromised. According the Class Action Suit, Premera ignored the warnings of its own digital security staff and outside network security auditors.

HIPAA Data Breaches Can Damage Millions of Individuals

The 10.4 million patients whose data was illegally accessed agreed to a $74 million settlement in June 2019. Last week, Premera settled with 30 states for an additional $10 million.

30 States Sue Premera in HIPAA Data Breach Class Action

States participating in the Class Action were: Alabama, Alaska, Arizona, Arkansas, California, Connecticut, Florida, Hawaii, Idaho, Indiana, Iowa, Kansas, Kentucky, Louisiana, Massachusetts, Minnesota, Mississippi, Montana, Nebraska, Nevada, New Jersey, North Carolina, North Dakota, Ohio, Oklahoma, Oregon, Rhode Island, Utah, Vermont, and Washington.

A HIPAA Data Breach Will Cause Long-Term Pain For The Target Business

The $84 million doesn’t tell the whole story, however. The settlement agreement requires Premera to create a new cybersecurity executive position. The Chief Information Security Officer will manage all HIPAA Compliance in addition to the insurer’s data security efforts.

The agreement details how often this Security Officer must meet with executive management, including a required meeting between the officer and the CEO every two months.

What’s Your HIPAA Data Breach Exposure?

Does your HIPAA Compliance Officer have adequate access to your executive team? Is your Senior Management aware of its role in HIPAA Compliance?

If not, we’re here to help.