Anthem Blue Cross settles over California data breach

One of California's largest health insurers has agreed to pay a settlement sum for an alleged data breach that compromised the personal health information of 33,756 of its members.

On Monday, California Attorney General Kamala D. Harris announced a settlement with Blue Cross of California – a corporation doing business as Anthem Blue Cross – which agreed to pay the state $150,000 to settle the claim.

The lawsuit, which was filed in Los Angeles Superior Court along with the settlement, alleges that Blue Cross of California printed Social Security numbers on letters mailed to 33,756 of its Medicare Supplement and Medicare Part D subscribers between April 2011 and March 2012. The complaint states that Anthem’s conduct violated a state law that restricts the disclosure of Social Security numbers.

[See also: Top 5: Data breach winners and losers by state.]

“Our office is committed to protecting the privacy of Californians,” said Attorney General Harris in a state press release. "This settlement requires the company to make significant improvements to its data security procedures to ensure this type of error does not happen again."

After the incident, Anthem sent a letter to all affected members whose Social Security numbers were visible through the mailed envelope, notifying them of the breach and offering each a year of free credit monitoring services.

The settlement also requires Anthem to implement new technical safeguards for its data management system, to restrict employee access to members' Social Security numbers and to provide enhanced data security training for all of its associates, all of which are required to be enacted within a 90-day period.

[See also: Slideshow: 10 biggest HIPAA data breaches in the U.S.]