Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cyber Insurance

Anthem to Pay Nearly $40M Settlement Over 2015 Cyberattack

Health insurer Anthem has agreed to another multimillion-dollar settlement over a cyberattack on its technology that exposed the personal information of nearly 79 million people.

Health insurer Anthem has agreed to another multimillion-dollar settlement over a cyberattack on its technology that exposed the personal information of nearly 79 million people.

The Blue Cross-Blue Shield insurer said Wednesday that it will pay $39.5 million to settle an investigation by a group of state attorneys general. Anthem said it was the last open investigation into the attack.

The company also agreed nearly two years ago with the U.S. Department of Health and Human Services to pay $16 million to settle possible privacy violations.

Indianapolis-based Anthem Inc. provides health insurance coverage to more than 42 million people in several states, including key markets like California and New York.

The company discovered the data breach in early 2015 after hackers had been burrowing into its systems for weeks. Security experts said at the time that the size and scope of the attack indicated potential involvement by a foreign government.

Hackers used a common email technique called spear-phishing in which unwitting company insiders are tricked into revealing usernames and passwords. The Anthem attackers gained the credentials of system administrators, allowing them to probe deeply into the insurer’s systems.

The attack exposed information that included names, birthdates, Social Security numbers and medical IDs.

Last year, a federal grand jury indicted two members of a hacking group operating from China in the attack.

Anthem said Wednesday that it was the victim of a “sophisticated state sponsored criminal attack group” in the attack. The insurer said it did not believe it violated the law in connection with its data security, and it was not admitting to that with its latest settlement.

The insurer also said that it has found no evidence that information obtained in the attack led to fraud.

Shares of Anthem climbed nearly 3% to $267.21 in morning trading, while broader indexes rose around 1%.

Related: Wendy’s Reaches $50 Million Settlement With Banks Over Data Breach

Related: Equifax Ordered to Spend $1 Billion on Data Security Under Data Breach Settlement

Related: Anthem Hackers Targeted Multiple Industries Since 2012: Symantec

Written By

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

Artificial intelligence is competing in another endeavor once limited to humans — creating propaganda and disinformation.

Cybercrime

Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack

Management & Strategy

Microsoft making a multiyear, multibillion dollar investment in the artificial intelligence startup OpenAI, maker of ChatGPT and other tools.

Cybercrime

A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Cybercrime

A digital ad fraud scheme dubbed "VastFlux" spoofed over 1,700 apps and peaked at 12 billion ad requests per day before being shut down.