SmallBiz Small Talk Cybercrime

This Feb 23, 2019, photo shows the inside of a computer in Jersey City, N.J. A cyberattack that leads to down time and lost data can be more costly for smaller companies than for larger businesses, an average of $763 per affected computer or other device versus $470, according to a 2018 study by the Poneman Institute, which researches data protection. (AP Photo/Jenny Kane)

LAS VEGAS (FOX5) -- Nevada Attorney General Aaron Ford and 29 other attorneys general announced a filed settlement that requires a health insurance company to pay $10 million to resolve claims about its failure to secure consumer date.

According to a statement from Ford's office, Premera Blue Cross, based in the pacific northwest, had insufficient data security that exposed health information of more than 10 million consumers nationwide. Almost 50,000 customers were Nevadans.

From May 5, 2014 to March 6, 2015, a hacker had unauthorized access to the Premera network, including private health information. According to the statement, the hacker also had access to social security numbers, bank account information, names, addresses, phone numbers, dates of birth, member ID numbers and email address. 

"Despite years of warnings, this company recklessly exposed some of the most sensitive consumer information," said Ford. "This settlement not only gets justice for Nevada, but also puts everyone on notice that we are serious about data privacy and we will aggressively act to protect consumer information."

A coalition of 30 states investigated Premera's cybersecurity vulnerabilities and found the hacker to advantage of multiple weaknesses in the company's system, the statement said. Years prior to the breach, cybersecurity experts and auditors warned the company about its "inadequate security program."

In addition to the settlement payment, Premera was also ordered to implement specific data security controls "intended to protect personal health information, annually review is security practices and provide data security reports to the attorneys general," the statement said.

The complaint the attorneys general filed against Premera alleges the company mislead consumers nationwide about its privacy practices in the aftermath of a data breach.

"They also misled consumers about the security measures in place, even though multiple security experts and auditors warned the company of its security vulnerabilities prior to the breach," the statement said.

Aside from Nevada, other states involved in the settlement include Alabama, Alaska, Arizona, Arkansas, California, Connecticut, Florida, Hawaii, Idaho, Kansas, Kentucky, Louisiana, Massachusetts, Minnesota, Mississippi, Montana, Nebraska, New Jersey, North Carolina, North Dakota, Ohio, Oklahoma, Oregon, Rhode Island, Utah, Vermont and Washington.

Copyright 2019 KVVU (KVVU Broadcasting Corporation). All rights reserved 

Recommended for you

(0) comments

Welcome to the discussion.

Keep it Clean. Please avoid obscene, vulgar, lewd, racist or sexually-oriented language.
PLEASE TURN OFF YOUR CAPS LOCK.
Don't Threaten. Threats of harming another person will not be tolerated.
Be Truthful. Don't knowingly lie about anyone or anything.
Be Nice. No racism, sexism or any sort of -ism that is degrading to another person.
Be Proactive. Use the 'Report' link on each comment to let us know of abusive posts.
Share with Us. We'd love to hear eyewitness accounts, the history behind an article.