Ohio Attorney General Dave Yost on Wednesday announced a multistate settlement requiring the health insurance company Premera Blue Cross to pay $10 million for its failure to secure sensitive consumer data.
Premera’s insufficient data security exposed the protected health and personal information of more than 10.4 million consumers nationwide, including 52,677 people in Ohio.
A coalition of 30 states investigated Premera’s cybersecurity vulnerabilities that gave a hacker unrestricted access to protected health information for almost a year.
“Exposing personal information gets to the core of vulnerability – it can now be used whenever, however and without your knowledge,” Yost said. “Premera was well aware of its faulty defenses and had been warned but rather decided to sweep the problem under the rug.”
Under the settlement, Premera will pay $10 million total to the states, with $67,792 going to Ohio.