Anthem Blue Cross Fined $150,000 for Data Breach
More than 33,750 members' Social Security numbers were exposed.
California Attorney General Kamala D. Harris recently announced a settlement with Anthem Blue Cross over the insurer's failure to protect its members' personal information.
"Between April 2011 and March 2012, Anthem printed the Social Security numbers as part of a priority code on marketing mailers and payment letters mailed to more than 33,750 Medicare members in violation of state law the restricts disclosure of the numbers," writes The Sacramento Business Journal's Kathy Robertson. "The priority code -- and Social Security number -- was viewable through the envelope window."
"As a result, Harris’ office found Anthem in violation of a state law that restricts the disclosure of Social Security numbers, and filed a complaint against Anthem in Los Angeles Superior Court," Infosecurity reports. "For its part, Anthem Blue Cross said that it suspended mailings as soon as the company became aware of the problem. "
"Under the terms of the settlement recently filed in Superior Court of California, County of Los Angeles, Anthem Blue Cross, also known as California Blue Cross, agreed to pay a $150,000 penalty," writes DataBreachToday's Marianne Kolbasuk McGee. "That payment by one of California's largest insurers includes $40,000 that's being placed in a state Unfair Competition Law Fund and $110,000 for legal and investigative costs related to the case."
"The settlement also requires Anthem to implement new technical safeguards for its data management system, to restrict employee access to members' Social Security numbers and to provide enhanced data security training for all of its associates, all of which are required to be enacted within a 90-day period," writes Healthcare IT News' Erin McCann.
"Our office is committed to protecting the privacy of Californians," Attorney General Harris said in a statement. "This settlement requires the company to make significant improvements to its data security procedures to ensure this type of error does not happen again."