A health insurance company must pay out $5.1 million in fines to the federal government over a massive data breach that started over 7 years ago.
New York-based Excellus was found by the Office of Civil Rights (OCR) and the U.S. Department of Health and Human Services to be responsible for the breach and to have failed to properly protect consumer data, according to the resolution agreement.
Criminal hackers gained access to Excellus networks in 2013 and installed malware that allowed them to skim private data, including bank accounts, Social Security numbers, birthdays, email addresses and clinical treatment plans for nearly two years.
More than 9.3 million people’s records were exposed, according to an Info Security magazine report. Excellus CEO Chris Booth said in a statement in 2015 that the company alerted the FBI about the data breach in August when it learned of the “sophisticated attack,” but admitted the breach started in Dec. 2013.
The incident was a “textbook case study in how hackers are able to stay under-the-radar and go undetected for long periods of time,” Fortscale CEO Idan Tendler, a former cyber warfare commander of the Israeli Defense Forces, told Info Security. “The hackers’ ability to go unnoticed and gain unauthorized access to the company’s IT systems and the personal information of potentially thousands of people does not come as a surprise.”
New York resident Katie Fuller filed a class action lawsuit after learning of the Excellus data breach in 2015. A series of similar class action lawsuits arose that year stemming from other data breaches.
Excellus provides health insurance coverage to over 1.5 million people in upstate and western New York. The breach affected the following health care plans: BlueCross BlueShield of Central New York; BlueCross and BlueShield of the Rochester area; BlueCross BlueShield of Utica-Watertown; and Excellus BlueCross BlueShield.
The fines imposed by the federal government against Excellus for the data breach are among the largest of their kind, according to Cyberscoop.com.
Health insurance provider Anthem, Inc. settled for $115 million over a data breach of its networks in 2015. Plaintiffs filed a class action lawsuit arguing the health insurer failed to properly encrypt private information.
Attorneys at the time called the deal the largest settlement ever for a data breach, according to a 2017 Reuters report.
More recently, in September, the Department of Health and Human Services announced a fine against insurance company Premera Blue Cross for $6.85 million. The federal agency says the company fell victim to phishing emails in 2015, exposing private data for almost nine months undetected. 10.4 million patient records were put in jeopardy this way, according to the agency’s press release.
“Hacking continues to be the greatest threat to the privacy and security of individuals’ health information,” OCR director Roger Severino told Info Security. “Health care entities need to step up their game to protect the privacy of people’s health information from this growing threat.”
Are you concerned about your private data being exposed in a data breach? What do you do to protect yourself? Have you been a victim of stolen personal information? Let us know in the comments below.
4 thoughts on Feds Fine Excellus Insurance $5.1M in Data Breach
Add me
Add me
Please add me.
Add me