In September 2015, Excellus Health Plan, based in Rochester, N.Y., reported a data breach affecting 10 million records. The company's latest financial report shows the payer spent $17.3 million to respond to the cyberattack, according to a Democrat & Chronicle report.
Here are four things to know.
1. Insurance covered approximately $9.1 million of the payer's total expenses. Excellus picked up the rest.
2. The bulk of the total cost was attributed to Kroll Info Assurance, the company that is providing two years of identity theft protection and credit monitoring to the affected customers. The company billed Excellus $13.5 million, according to the report.
3. Legal expenses account for the majority of the remaining money spent.
4. The compromised records included Social Security numbers, names, addresses, financial information and medical information. Thus far, Excellus has found no evidence of the information was used inappropriately, according to the report.