Processing Your Payment

Please do not leave this page until complete. This can take a few moments.

Updated: July 12, 2019

CT to receive small piece of $10M Premera cyber settlement

A Washington-based health insurer’s failure to protect consumer personal data from hackers will pay $10 million to settle the matter, including over $52,000 to Connecticut, state officials announced.

The data breach exposed the personal information of more than 10 million consumers, officials said. In all, 30 state attorneys general joined Washington State’s legal action against the company, which they said failed to fix known cybersecurity flaws in its systems.

Of the affected consumers, approximately 15,000 were Connecticut residents, Attorney General William Tong’s office said.

It was unclear from Superior Court documents exactly how consumer data controlled Premera Blue Cross, which mainly does business in Washington and Alaska, came to possess data on such a far-reaching population of consumers.

When the company first announced the hack in early 2015, it said several of its affiliates were impacted, along with patients who had sought health care in its two core states over a certain time period. It's also possible that it insured employers who had workers in Connecticut, or treated Connecticut residents visiting either of its two states.

Connecticut’s portion of the overall settlement is based on that number of affected people.

The settlement also requires Premera to improve data security controls to better safeguard health information and to file reports on those efforts to Washington’s attorney general.

“No consumer should ever have to worry about their sensitive personal information being compromised by those who were entrusted to protect it," Tong said in a statement.”

Sign up for Enews


Order a PDF