HEALTH

Anthem reaches settlement in massive 2015 security breach

Liz Freeman
Naples
This Dec. 3, 2014, file photo shows the Anthem logo at the company's corporate headquarters in Indianapolis.

Anthem has agreed to pay $115 million to settle class-action lawsuits stemming from a 2015 cyberattack breach that may have affected the personal information of nearly 80 million customers, company officials said Monday.

The settlement agreement, which needs to be approved in court, will end multidistrict class action litigation against the Indianapolis-based company.

Anthem discovered the cyberattack in late January 2015 and contacted the FBI. It also retained Mandiant, a leading cybersecurity firm, to evaluate its system. Nearly 78.8 million individuals were affected and were offered identification protection services.

More:Millions of Anthem customers alerted to hack

In reaching the settlement, Anthem is not admitting any wrongdoing or that any individuals were harmed as a result of the cyberattack, according to a company statement.

“Nevertheless, we are pleased to be putting this litigation behind us, and to be providing additional substantial benefits to individuals whose data was or may have been involved in the cyberattack and who will now be members of the settlement class,” the company statement says.

The settlement agreement is scheduled to be heard Aug. 17 in the U.S. District Court for the Northern District of California in San Jose, company officials said. A third party settlement administrator would be appointed.

When the cyberattack was discovered, Anthem offered two years of credit monitoring and identity protection services to all individuals whose data may have been impacted.

The breach was discovered when a systems administrator saw a database query was running with his identifier code and he had not initiated the query, according to Becker’s Healthcare, a leading hospital industry publication.

At the time of cyberattack, Anthem covered 37 million people in the U.S. It is a separate company from Florida Blue but both are members of the Blue Cross and Blue Shield Association of independent insurers. Due to various collaborative agreements, Florida Blue members could have been affected by the breach, a Florida Blue spokesman said in 2015.

As part of the final resolution of the litigation, class members can receive an additional two years of monitoring, Anthem said.

In addition, $15 million from the fund will be allocated to pay for actual out-of-pocket costs, up to a set amount, that the class members claim they incurred due to the attack.

“Class members who already have credit services can submit a claim to receive alternative cash compensation instead of receiving the credit services provided by the settlement,” Anthem said.

“If the court preliminary approves the settlement, the settlement administrator will set up a website regarding this settlement, and we will update www.AnthemFacts.com with a link to that website and a phone number for the settlement administrator as soon as those are available,” the company statement said.