Anthem Inc. offered a $115 million settlement deal in 2017 to take care of the class action legal cases submitted by the victims of a 78.8 million-record security breach in 2015. The proposed settlement was eventually okayed on August 16.
The Anthem cyberattack caused the stealing of plan members’ names, birth dates, medical insurance details, Social Security numbers and other information by malicious actors. A few class-action legal cases were filed after the breach, but the Judicial Panel for Multidistrict Litigation combined the legal cases into one case in June 2015. The lawsuit was designated to the U.S District Court for the Northern District of California because that is where majority of the class members are living.
Even though 78.8 million persons had their protected health information (PHI) compromised at the time of the hacking of Anthem’s network, just 19.1 million members of the class action case could show that their private data was kept in the data center which the cyber criminals attacked.
After the security breach, Anthem provided the victims two years of credit monitoring services at no cost; yet, numerous class members separately paid for those services and accrued other extra expenses as a consequence of the breach. The settlement grants the class a fast, sure, and meaningful restoration, says Judge Koh. In the event the settlement was turned down, not only can the lawsuit come at a substantial cost, there will be no assurance that the lawsuit would do well. If it did, it will still end up in significant slow downs in any payment being given to the class members to take care of costs related to the breach.
Several class members feel the settlement is not sufficient and that it does not adequately penalized Anthem, even though U.S. District Judge Lucy H. Koh thinks the settlement is fair, appropriate, and satisfactory. Although various questions were received, Judge Koh concluded that none were reasonable.
The settlement says that Anthem has to pay out for 24 months of credit monitoring services. This is aside from the credit monitoring services formerly given by Anthem. Class members without credit monitoring services available could sign-up by submitting a basic form. Class members who formerly signed up for credit monitoring services may claim a cash settlement as an substitute, as long as they have evidence of their existing credit monitoring services. The fund is enough to let every class member who has given a claim to obtain a maximum payment of $50 as a cash option.
The settlement in addition has a funding of $15 million for persons who have previously accrued out-of-pocket charges resulting from the data breach. To date, just approximately 1.33 million persons have sent in a claim. The settlement grants claims of around $10,000 per person to repay out of pocket expenditures.
Anthem has agreed to employ extra security controls to make certain sensitive data is better secured from now on, which includes using encryption for data at rest and tweaks to its data security operations.