Arizona included in $10M settlement with health insurance company
PHOENIX — The Arizona Attorney General’s Office has reached a settlement with a health insurance company whose 2014-15 data breach exposed protected health and personal information for more than 10 million consumers nationwide.
Arizona was one of 30 states who settled with Premera Blue Cross as part of a $10 million settlement, Arizona Attorney General Mark Brnovich announced last week.
The state will receive about $150,000 from the settlement and the funds will go to the attorney general’s consumer-protection revolving fund.
“Companies that collect and maintain sensitive personal information, particularly sensitive health information, must take steps to ensure the security and privacy of that information,” Brnovich said in a press release. “When they fail to do so, they violate the trust we place in them, and my office will continue to hold them accountable.”
The complaint alleged that between May 2014 and March 2015, a hacker had unauthorized access to Premera’s network, which contained items such as private health information, Social Security numbers, bank account information and email addresses.
The unauthorized access led to Health Insurance Portability and Accountability Act compliance issues and violated the Arizona Consumer Fraud Act, the complaint said.
Premera had been warned repeatedly by cybersecurity experts and its own auditors about multiple weaknesses in the company’s data-security practices, according to the press release.
Premera is based out of Mountlake Terrace, Washington, and is the largest health insurance company in the Pacific Northwest.