Horizon Blue Cross Blue Shield of New Jersey agreed to pay $1.1 million to settle allegations that it failed to encrypt the personal data of nearly 690,000 policyholders on two laptop computers that were stolen from the company's Newark, N.J., headquarters in November 2013, the New Jersey Division of Consumer Affairs said Friday.

As part of the settlement, Horizon must hire an outside expert to analyze security risks associated with the storage, transmission, and receipt of electronic-protected health information and to submit a report of those findings to the Division of Consumer Affairs within 180 days of the settlement and then annually for two years.

Horizon said: "While it is reassuring that not a single confirmed incident of identity theft is traceable to the two stolen laptops, Horizon remains vigilant in protecting our members' privacy through consistent attention to and significant investment in our physical and cyber security practices."

The Third Circuit Court of Appeals in January overturned the dismissal of a putative class-action suit filed after the 2013 data breach, concluding that even without evidence of misuse the improper disclosure itself constituted an injury.