$4.35M Excellus Breach Lawsuit Settlement Requires Data Retention, Security Overhaul
“A proposed settlement has been reached in a class-action data breach lawsuit against Excellus Health Plan, affiliate companies, and Blue Cross Blue Shield Association, which would result in millions of dollars in injunctive relief and require the insurer to make numerous improvements to its security program,” reports Jessica Davis in SC Media.
“The class-action lawsuit involves 14 proposed cases that call into question Excellus’ security program, as well as delays with its notification and communication gaps to fully explain risks the incident posed to plan members. The settlement stems from a 2015 breach that impacted 10.5 million people, which Excellus did not discover until 18,”