Consumer Alert: Excellus agrees to increase cybersecurity in class action settlement

[anvplayer video=”5085240″ station=”998131″]

ROCHESTER, N.Y. (WHEC) — A major insurer based in Rochester is being forced to make major changes to protect your data.

Excellus Blue Cross Blue Shield provides health insurance for about 1.5 million folks in Upstate New York. Excellus is a part of the larger parent company, Lifetime Healthcare Companies, based here in Rochester.

In August of 2015, Excellus discovered that cyber thieves had been snooping around members’ private data for almost two years. And this breach was big. It exposed the private information of 9.3 million Excellus clients around the country. Thieves got access to names, birthdates, social security numbers, mailing addresses, telephone numbers, member identification numbers, financial account information and claim information.

Excellus notified affected members and provided two years of identity theft protection, but the insurer’s problems didn’t end there. Members filed a class-action suit. And Monday, their attorneys announced a settlement that forces the insurer to make a number of changes to safeguard your private information.

  • It must increase and maintain a security budget.
  • It must develop a plan to dispose of your personal information within a certain time period.
  • It must improve security and better identify threats.
  • It must have an extensive data archiving program.

Excellus admits to no wrongdoing, but the company did have to pay a fine of 5.1 million to the Office of Civil Rights and the U.S. Department of Health and Human Services for having failed to protect your personal information.

So here’s the million-dollar question. If your identity was exposed, do you get a monetary award from this settlement? The answer is no. This settlement just provides injunctive relief which means it forces the defendant to take action. So plaintiffs are still able to sue for monetary damages.

If you have Excellus Blue Cross Blue Shield, you may have questions. So I reached out to the law firm that handled this case, Faraci Lange.

Their lawyers provided this link to information and contact numbers.