First Lawsuits Filed in Response to Anthem Data Breach Disclosure

Feb. 9, 2015
On Feb. 9, USA Today reported that the first lawsuits have already been filed as a result of the data breach experienced by the Indianapolis-based Anthem Health, and which Anthem had disclosed on Feb. 4

On Feb. 9, USA Today reported that the first lawsuits have already been filed as a result of the data breach experienced by the Indianapolis-based Anthem Health, and which Anthem had disclosed on Feb. 4. According to the USA Today report, at least four had been filed by Monday morning, in Indiana, California, Alabama, and Georgia.

The breach of data security at the nation’s second-largest health insurance company, had been detected on Jan. 27, when an Anthem IS administrator discovered that outsiders were using his own security credentials to log into the company’s information system and stealing data. The hackers had succeeded in penetrating the system and stealing customer data sometime between Dec. 10 and Jan. 27, with attempts possibly having been made earlier in 2014, according to Anthem spokesperson Kristin Binns.

Hackers had gained access to a company database that included members’ names, birthdays, Social Security numbers, addresses, and employment data, including income, but not credit card information.

Monday morning’s USA Today story included  quotes from David Damoto, managing director at FireEye, a security firm brought in to help Anthem analyze the data breach, which may have affected up to 80 million people. “We… saw evidence that the attacker was interested in very specific information, in this case, the database,” Damoto told USA Today. “They did very methodical reconnaissance into the database,” adding that “Attribution takes a lot of data. I think everyone’s just speculating” as to whether Chinese hackers might have been involved, as some press reports citing unnamed sources have stated. “At this point in time, we’re working very closely with the FBI and we haven’t jointly provided any attribution,” Damoto added.

As the USA Today report noted, “Some have questioned why Anthem would have maintained a single database containing information about 80 million current and former members. However,” the report added, “in the healthcare industry, such databases are useful, said J.J. Thompson, the CEO of Rook Security, an Indianapolis-based computer security firm.”

The story quoted Thompson as saying, “If I have my security hat on, I’d say, ‘Never put all your eggs in one basket.’ But in the healthcare world, having the database could lead to better patient outcomes. But it should have been encrypted. I hope it was encrypted.”

All four lawsuits referenced in the USA Today article are class action lawsuits, filed against anthem and/or its affiliate subsidiaries or units, on behalf of large groups of plaintiffs. The Indiana suit, filed in U.S. District Court for the Southern District of Indiana, Indianapolis Division, on Feb. 5, includes in its opening statement, the following:  “Anthem’s conduct—failing to take adequate and reasonable  measures to ensure its data systems were protected, failing to take available steps to prevent and stop the breach from ever happening, failing to disclose to its customers the material facts that it did not have adequate computer systems and security practices to safeguard customers’ financial account and personal data, and failing to provide timely and adequate notice of the Anthem data breach—has caused substantial consumer harm and injuries to consumers across the United States.”

Healthcare Informatics will continue to update readers on developments in this situation, as new developments emerge.

Sponsored Recommendations

State of the Market: Transforming Healthcare; Strategies for Building a Resilient and Adaptive Workforce

The U.S. healthcare system is facing critical challenges, including workforce shortages, high turnover, and regulatory pressures. This guide highlights the vital role of technology...

How AI-Native Locating Intelligence Revolutionizes the RTLS market

Discover how leveraging an RTLS solution with artificial intelligence as the location engine can increase efficiency, improve safety, and elevate care without the compromises ...

Harnessing the True Power of Cultural, Clinical and Operational Data

Optimize healthcare performance by combining clinical, operational, and cultural insights. A deeper understanding of team factors improves care and resource management.

How Digital Co-Pilots for patients help navigate care journeys to lower costs, increase profits, and improve patient outcomes

Discover how digital care journey platforms act as 'co-pilots' for patients, improving outcomes and reducing costs, while boosting profitability and patient satisfaction in this...