A settlement has been reached in a class action lawsuit over a data breach that hit Excellus Health Plan several years ago.
That breach was discovered in 2015, and the cyberattack affected more than 10 million people.
There was a class action suit, and attorney Hadley Lundback Matarazzo with the Western New York-based law firm Faraci Lange LLP is a co-lead counsel for the plaintiffs.
She said that even before this settlement, Excellus had been making changes to its business practices to improve the security of their data.
“(Excellus) had already begun making some pretty significant changes to its security controls,” said Lundback Matarazzo. “And what this settlement would do is ensure that they continue to make business practice changes and continue to enforce changes that are made in order to better safeguard customer data going forward.”
Excellus Director of Communications Joy Davia Auch released a statement saying that the company is pleased to be resolving the matter and said that they take “the security of our data and the personal information of our members, providers and business partners very seriously.”
Davia Auch also said that Excellus is “proud of the strides we’ve made to further protect sensitive data” since the time of the attack.
Excellus made no admission of liability, and said it agreed to terms for injunctive relief which is focused on ensuring that the health plan maintains a certain level of commitment and investment in its information technology and security practices.
The settlement does not preclude people affected by the data breach from suing for monetary damages.
A federal judge will conduct a hearing for the final approval of the settlement of the class action suit on April 13, 2022.
