New Hampshire joined 43 states in a settlement with Anthem stemming from the 2014 data breach that involved the personal information of 78.8 million Americans.
In New Hampshire, 667,866 residents were affected by the breach of Blue Cross and Blue Shield, according to Attorney General Gordon J. MacDonald. New Hampshire’s share of the $39.5 million settlement will be $365,166.
Under the settlement, Anthem will implement a series of data security and good governance provisions designed to strengthen its practices.
During the breach, which was disclosed in 2015, hackers gained access to Anthem members' names, health ID numbers, dates of birth, Social Security numbers, addresses, phone numbers, email addresses and employment information, including income data.
Anthem previously entered into a class action settlement that established a $115 million settlement fund to pay for additional credit monitoring, cash payments of up to $50, and reimbursement for out-of-pocket losses for affected consumers. The deadlines for consumers to submit claims under that settlement have since passed.
The security practices Anthem agreed to include:
• A prohibition against misrepresentations regarding the extent to which Anthem protects the privacy and security of personal information;
• Implementation of a comprehensive information security program, which includes reports to the Board of Directors and CEO;
• Security requirements including logging and monitoring and anti-virus maintenance;
• Third-party security assessments and audits for three years.
New Hampshire's participation in this multistate investigation and settlement was led by Senior Assistant Attorney General Brandon H. Garod, chief of the consumer protection and antitrust bureau.