Attorney General Aaron Ford joins multi-state settlement against data breach

July 12, 2019 – Nevada Attorney General Aaron Ford and 29 other attorneys general announced a filed settlement that requires a health insurance company to pay $10 million to resolve claims about its failure to secure consumer date.

According to a statement from Ford’s office, Premera Blue Cross, based in the pacific northwest, had insufficient data security that exposed health information of more than 10 million consumers nationwide. Almost 50,000 customers were Nevadans.

From May 5, 2014 to March 6, 2015, a hacker had unauthorized access to the Premera network, including private health information. According to the statement, the hacker also had access to social security numbers, bank account information, names, addresses, phone numbers, dates of birth, member ID numbers and email address.

“Despite years of warnings, this company recklessly exposed some of the most sensitive consumer information,” said Ford. “This settlement not only gets justice for Nevada, but also puts everyone on notice that we are serious about data privacy and we will aggressively act to protect consumer information.”

A coalition of 30 states investigated Premera’s cybersecurity vulnerabilities and found the hacker to advantage of multiple weaknesses in the company’s system, the statement said. Years prior to the breach, cybersecurity experts and auditors warned the company about its “inadequate security program.”

In addition to the settlement payment, Premera was also ordered to implement specific data security controls “intended to protect personal health information, annually review is security practices and provide data security reports to the attorneys general,” the statement said.

The complaint the attorneys general filed against Premera alleges the company mislead consumers nationwide about its privacy practices in the aftermath of a data breach.

“They also misled consumers about the security measures in place, even though multiple security experts and auditors warned the company of its security vulnerabilities prior to the breach,” the statement said.

Aside from Nevada, other states involved in the settlement include Alabama, Alaska, Arizona, Arkansas, California, Connecticut, Florida, Hawaii, Idaho, Kansas, Kentucky, Louisiana, Massachusetts, Minnesota, Mississippi, Montana, Nebraska, New Jersey, North Carolina, North Dakota, Ohio, Oklahoma, Oregon, Rhode Island, Utah, Vermont and Washington.

By Gabriella Benavidez, KVVU Fox 5 Vegas
Read More Here