Aetna agrees to US$ 17 million (£12 million) to settle data breach

Aetna will pay a US$ 17.1 million (£12.3 million) as part of a settlement for a July 2017 data breach that may have compromised the personal health information of thousands of HIV patients in the US.

The deal will resolve the claims made by Aetna customers in 23 states who were notified by the company that their HIV prescription notifications were sent in envelopes with a clear address window, possibly enabling an unauthorised party to view the contents, according to a Tripwire report. About 12,000 people were involved in this mailing.

Each person involved in the incident will receive at least US$ 500 (£360) with 1,600 of those customers who may have had their personal health information revealed to Aetna’s legal counsel or the mail vendor being given an additional US$ 75 (£54).

The month before this took place Aetna was involved in a separate incident when more than 2,000 Ohio and Texas Aetna customers had some of their personal information compromised when the information was accidentally exposed to unauthorised individuals.