Attorney General's suit against Premera ends in $10 million nationwide settlement

State Attorney General
Bob Ferguson

As a result of an Attorney General’s Office investigation, Premera Blue Cross, the largest health insurance company in the Pacific Northwest, will pay $10 million nationwide for failing to secure sensitive consumer data and for misleading consumers before and after a data breach affecting millions across the country. 

Attorney General Bob Ferguson led a coalition of 30 state attorneys general investigating the company’s practices.

The data breach affected the information of more than 10.4 million individuals nationwide, including more than 6.4 million Washingtonians. 

Under the consent decree, filed today in Snohomish County Superior Court, Premera will pay $5.4 million of the total recovery to the Washington State Attorney General’s Office, which will go towards continued enforcement of state data security and privacy laws, and nearly $4.6 million to the coalition of states that joined Ferguson’s legal action.

Premera’s $10 million payment to the states is in addition to any payment from the proposed class action settlement, which was filed in federal court in Oregon but not yet finalized by the court.

The consent decree also legally requires Premera to implement specific data security controls to protect personal health information, annually review its security practices and provide data security reports to the Washington State Attorney General’s Office.

“Premera had an obligation to safeguard the privacy of millions of Washingtonians — and failed,” Ferguson said. 

“As a result, millions had their sensitive information exposed. Premera repeatedly ignored both its own employees and cybersecurity experts who warned millions of consumers' sensitive health information was at risk.”

More details here