Lawsuits filed over Anthem data breach
Lawsuits Filed Over Anthem Data Breach in California, Other States
Class-action lawsuits have been filed in California and two other states against health insurer Anthem over a data breach affecting about 80 million customers, former customers and employees, Modern Healthcare reports (Schencker, Modern Healthcare, 2/6).
Background on Breach
Anthem President and CEO Joseph Swedish said that hackers "gained access to [the insurer's] computer system and took information including names, birthdays, medical IDs/Social Security numbers, street addresses, email addresses and employment information, including income data."
The company has not yet identified the source of the cyberattack, but it could be the largest ever reported by a health care company and one of the largest breaches of customers' personal information.
Anthem Blue Cross, the insurer's California branch, and other affiliated health plans in the state have about eight million enrollees that could have been affected by the breach (California Healthline, 2/6).
According to experts, Anthem did not encrypt the consumer data it stored unlike medical information that is shared outside of its database. In addition, Anthem -- like many other health care organizations -- did not store personal data in separate databases that could be locked if an attack occurs, experts said (Abelson/Goldstein, New York Times, 2/5).
However, Anthem spokesperson Kristin Binn noted that encryption would not have prevented the recent data breach because the hacker used a system administrator's ID and password to enter the system (AP/San Francisco Chronicle, 2/6).
Details of Lawsuits
On Thursday, lawsuits were filed against the insurer in federal courts in Alabama, California and Indiana.
In California, the suit was filed by an Anthem policyholder who argues that members "paid more than they would have" for coverage "had they known how the company would fail to properly secure and misuse their personal information." The suit alleges that "shoddy security protocols ... made [Anthem] susceptible to the massive hack."
The California and Indiana lawsuits seek unspecified damages, while the Alabama case seeks lifetime consumer credit protection services for affected individuals, among other services and damages (Modern Healthcare, 2/6).
Jones Launches Examination of Anthem Blue Cross, Joins National Efforts
On Friday, California Insurance Commissioner Dave Jones (D) launched a financial and market conduct examination of Anthem Blue Cross.
In a release, DOI said it also "expects to be a lead participating state" in a multi-state investigation announced by the National Association of Insurance Commissioners.
Jones said, "The goal of this national multi-state examination should be to determine what areas of vulnerability exist in Anthem's data systems, what additional strategies and protections could have been employed to prevent losses and whether the insurer has taken the appropriate steps in response to the breach" (DOI release, 2/6).