The recent proposed settlement in the consolidated class action lawsuit against Anthem Inc. following a 2015 cyberattack on the health plan that impacted about 79 million individuals is significant for several reasons, says attorney Steven Teppler of the Abbott Law Group.
"In pure dollars, it is a record-setting settlement figure - $115 million is huge," Tappler, who was not involved in the case, says in an interview with Information Security Media Group. "But if you read the latest amended complaint ... people have undergone terrific hardships as a result of the compromise of ... personally identifiable information, plus health information."
By comparison, retailer Target settled a consumer breach lawsuit for just $10 million.
The proposed preliminary settlement - which is subject to federal court approval in August - provides for Anthem to establish a settlement fund that would be used to:
- Provide victims of the data breach with at least two years of credit monitoring;
- Cover out-of-pocket expenses incurred by consumers as a result of the data breach; and
- Provide cash compensation for those consumers who are already enrolled in credit monitoring.
"What will be interesting to see will be the kinds of claims that will be made against that [Anthem settlement] fund" Teppler says. "In the end you have [nearly] 80 million people at risk for ... identity theft," including medical identity theft, which can long-lasting ramifications.
For example, he points out, if fraudsters make claims for health insurance coverage using stolen identities, those could impair individuals' ability to obtain life insurance because of false medical information being added to their records, he says.
While most of the proposed provisions of the Anthem settlement are common in other data breach class action settlements, "one of things a bit novel [in the Anthem deal] is repayment of credit monitoring for already expended funds for victims," Teppler says.
In the interview (see audio link below photo), Teppler also discusses:
- Why Anthem and the plaintiffs likely decided to settle the case;
- Whether details about the cyberattack - and Anthem's related breach prevention and response programs - will ever be disclosed now that the case is on the track for settlement;
- The top lessons other organizations should learn from the Anthem case.
Teppler is a partner at the Abbott Law Group in Jacksonville, Fla., where he leads the electronic discovery and technology-related litigation practice. He was also one of the attorneys who represented plaintiffs in a data breach class action lawsuit against health plan AvMed that ended in a $3 million settlement in 2013. Teppler is an adjunct professor at Nova Southeastern University Law School.