30 States Sign $10.4M Agreement With Premera Blue Cross Over Data Breach Impacting Millions

The Associated Press: Premera Blue Cross Pays States $10 Million Over Data Breach
Premera Blue Cross, the largest health insurer in the Pacific Northwest, has agreed to pay $10 million to 30 states following an investigation into a data breach that exposed confidential information on more than 10 million people across the country. The settlement, negotiated with the Washington attorney general's office and filed in state court Thursday, comes several weeks after Premera said it would spend $74 million to settle a federal class-action lawsuit on behalf of affected customers. (Johnson, 7/11)

NJ.com: Settlement Reached In Cyber Breach That Exposed Data Of 40K Residents In N.J.
As part of the settlement, insurer Premera Blue Cross Blue Shield agreed to implement data security measures, including hiring a chief information security officer, ensuring data is safeguarded in line with laws and provide data security reports to state attorneys general, officials said in an announcement. (Cohen, 7/11)

The Oregonian: Premera Blue Cross Agrees To Pay $10.4 Million To Oregon, 29 States After Massive Data Breach
[Oregon] state officials said auditors had alerted Premera to the vulnerabilities in its system, including that it was slow to install software updates and security patches, but the company failed to fix them. They accused Premera, also known as LifeWise Health Plan of Oregon, of failing to meet its obligations to protect the data under the federal Health Insurance Portability and Accountability Act, known as HIPAA, and Washington's Consumer Protection Act. (7/11)