Hawaii is part of a multi-state settlement of $39.5 million with insurance company Anthem regarding a massive data breach in 2014, according to the state Department of the Attorney General and Office of Consumer Protection.
The state of Hawaii is expected to receive a little over $156,600 from the settlement with a 43-state coalition and California. Anthem has also agreed to a series of data security and good governance provisions to strengthen its practices going forward.
“All companies – and particularly companies that possess sensitive health information – must protect their customers’ data and respond appropriately in the event of a data breach,” said state Attorney General Clare E. Connors in a news release. “Companies that fail to do so will face penalties and law enforcement scrutiny until they improve their security systems.”
In February 2015, Anthem disclosed that cyber attackers had infiltrated its systems beginning in February 2014, using malware installed through a phishing email.
The attackers accessed Anthem’s data warehouse, where they harvested names, dates of birth, Social Security numbers, health care identification numbers, home addresses, email addresses, phone numbers, and employment information for 78.8 million Americans.
In Hawaii, 43,830 residents were affected by the breach.
In the immediate wake of the breach, at the request of the Connecticut Office of the Attorney General, Anthem offered an initial two years of credit monitoring to all affected U.S. individuals.
“Companies have to do a better job in safeguarding our personal information. Breaches such as these are too commonplace,” said Stephen Levins, OCP executive director in a statement. “The settlement shows that there will be significant law enforcement consequences to businesses that fail to protect consumer data.”